Skip to main content
  1. Home
  2. Computing
  3. News

Data-stealing bug prompts Comcast to shut down Xfinity activation website

By
comcast xfinity store
Ken Wolter/123rf

Two security researchers uncovered a bug within Comcast’s online activation portal that revealed a customer’s home address along with the Wi-Fi network name and password in plain text. Within hours of learning of the flaw uncovered by Karan Saini and Ryan Stevenson, Comcast shut down the Xfinity activation site, citing customer security as its top concern.

In order for customers to activate their routers, they have to visit an Xfinity activation website to enter some user information in order to setup their router and service. Saini and Stevenson discovered that even though the website asks for a customer’s full address, just an apartment or house number was needed along with an account ID. Both pieces of information required to gain access to the activation portal could easily be found on a discarded bill.

Recommended Videos

The activation portal continues to work and return information about the customer and the Wi-Fi network even after the router and home broadband service has been activated.

Related

If a customer is using a Comcast or Xfinity-branded router, then the activation portal continues to return updated network information, so if a customer changes the network name or password, that latest information would be displayed on the activation portal. ZDNet noted that there’s no way for a customer to opt out of this system. For customers using their own router, the publication discovered that the portal doesn’t have access to the Wi-Fi network name and password to display.

On the primary level, the security concern is that customer’s network data and home address isn’t protected by requiring information that’s not readily available through an account statement. Further, once a hacker obtains the network data, they can use it in a malicious manner if they’re within close proximity to the Wi-Fi network. The network ID and password could be used to gain access to unencrypted web traffic that passes through the router. Additionally, hackers can also temporarily lock users out by changing the network name and password once they have access.

Comcast has since disabled this feature on its website to correct the security flaw. “Within hours of learning of this issue, we shut it down,” a Comcast spokesperson told ZDnet. “We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.” In a separate statement to Gizmodo, Comcast noted that it doesn’t believe that any data was improperly accessed as a result of this bug.

News of the bug comes at a time when Comcast is launching its own mesh networking accessory.

Editors’ Recommendations

Topics
Chuong Nguyen
Chuong Nguyen
Former Digital Trends Contributor
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
The best all-in-one printers you can buy in 2024
Canon's imageClass MF753Cdw has a quick, full-duplex ADF.

If you're shopping for the best printers for a home office, an all-in-one is a good choice. Multifunction printers include scanners to digitize receipts, invoices, and other documents. The scan and print functions combine to make copies. Some all-in-one printers can connect to a phone line to act like a fax machine.

Multifunction printers are like the smaller cousins of the bulkier copiers you might see at the office. As our printer buyers' guide points out, an all-in-one printer usually costs less than it would to buy a printer and scanner separately. Here are some of the best multifunction printers on the market today.

Read more
Asus pits AMD’s performance against Intel’s efficiency
Asus ProArt PX13 front view showing display and keyboard.

Several new laptops chipsets have been introduced lately in response to Microsoft's Copilot+ PC AI initiative. They sport faster neural processing units (NPUs) to speed up on-device AI processing and make it more efficient, but they're not precisely the same. AMD's Ryzen AI 9 chipsets are aimed at overall performance, while Intel's Lunar Lake is aimed at efficiency.

The Asus ProArt PX13 is one of the first with AMD's chipset, and it's a highly portable 13-inch laptop. The Asus Zenbook S 14 is aimed at great battery life in a thin-and-light design using Lunar Lake. Both are some of the best laptops you can buy today, but which laptop is the better choice?
Specs and configurations

Read more
Nvidia might finally fix its VRAM problem — but it will take time
The Razer Blade 14 and 18 on a table.

It's no secret that some of Nvidia's best graphics cards could use a little more VRAM. According to a new leak, Nvidia may be addressing that problem in a big way -- at least in laptops. The RTX 5090 laptop GPU is now reported to come with 24GB VRAM across a 256-bit memory bus. The downside? These new laptops might not make it to market as soon as we'd hoped.

The information comes from Moore's Law Is Dead, who cites his own industry sources as he spills the beans on RTX 50-series laptop specs. Up until now, we've not heard much about Nvidia's plans for RTX 50 laptops, indicating that they might be a few months away. The YouTuber agrees with this, saying that Nvidia might be targeting a launch window in the first or second quarter of 2025. This might not affect the entire lineup, though.

Read more