Revisiting Comcast's Xfinity public hotspot strategy

Following a conversation with Comcast's Corporate Communications group, I have some corrections to make and concerns to add

Last week I wrote about Comcast's plan to build the nation's biggest Wi-Fi service by co-opting their customers' Xfinity gateways and, following a detailed conversation with a representative from Comcast's Corporate Communications group, I have some corrections to make and quite a few additional concerns to add.

What about bandwidth?

First, the question of bandwidth use, on which I stand corrected. It turns out that there is considerable headroom available on Xfinity service, which is divided into four 36Mbps channels for a total maximum of 144Mbps. The top service tier for Xfinity is 105Mbps, which leaves plenty of room to squeeze in up to a theoretical 35Mbps for the public access Wi-Fi users. Color me wrong.

Wi-Fi signal strength

Comcast's representative also explained that the public signal was typically only accessible within about 50 feet of the access point. Given that most APs will be in private dwellings, where attenuation from walls and equipment will likely reduce the range even further, it would seem that the vast majority of use will be by visitors to the premises housing the AP, so utilization of the public Wi-Fi will most probably be extremely low. At the same time, the public AP will always be live unless the AP's owner has disabled the service (something that less than 1% of the current 3 million owners of public-service-enabled Xfinity routers have done). The result is more radio "noise" and bandwidth use in the customer's environment for little benefit to anyone.

Legal liability

What about the legal liability issue? While the IP address of the public service will be different from that of the hosting customer, the physical address of both will be the same. No matter how much people might like to think that law enforcement would never make a mistake and raid the wrong person's house or that charges of downloading pirated material would be pressed, let me remind you that these kinds of issues have happened before (the disturbing tales of a man falsely accused of downloading child pornography in Buffalo in 2011, a woman falsely accused of copyright infringement in Finland in 2012, and a family raided by a SWAT team by mistake, also in 2012, are just a few of many examples of what can go wrong when law enforcement gets involved with digital communications).

Problematic freebies

Another concern should be that in an attempt to grow Comcast's customer base, the public service will allow two free one-hour sessions per MAC address per month to non-subscribers. This strikes me as a weak way to manage non-customer access as changing the MAC address of most computer devices is ridiculously easy and therefore provides hackers with yet another means of Internet access without any real risk of detection.
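
An added example (not from the article, and not Comcast's implementation): a minimal model of the quota described above, comparing a ledger keyed on the client-reported MAC address with one keyed on a verified identifier. The `account` field, the sample sessions and all names are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

FREE_SESSIONS_PER_MONTH = 2  # "two free one-hour sessions ... per month" (article)


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, i.e. the address
    was assigned in software rather than by the hardware vendor."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


class QuotaLedger:
    """Counts free sessions per (identifier, calendar month)."""

    def __init__(self, key_field: str):
        self.key_field = key_field
        self.used = Counter()

    def request(self, session: dict) -> bool:
        key = (session[self.key_field], session["start"].strftime("%Y-%m"))
        if self.used[key] >= FREE_SESSIONS_PER_MONTH:
            return False
        self.used[key] += 1
        return True


# Constructed sample: one physical device, five requests in the same month.
# "account" is a hypothetical verified identifier; it is not on the page.
SESSIONS = [
    {"mac": "3c:22:fb:10:20:30", "account": "guest-17", "start": datetime(2024, 6, 2)},
    {"mac": "3c:22:fb:10:20:30", "account": "guest-17", "start": datetime(2024, 6, 9)},
    {"mac": "3c:22:fb:10:20:30", "account": "guest-17", "start": datetime(2024, 6, 12)},
    {"mac": "02:00:00:aa:bb:01", "account": "guest-17", "start": datetime(2024, 6, 13)},
    {"mac": "06:00:00:aa:bb:02", "account": "guest-17", "start": datetime(2024, 6, 14)},
]


def granted(key_field: str, sessions=SESSIONS) -> list:
    """Replay the sessions against a fresh ledger keyed on key_field."""
    ledger = QuotaLedger(key_field)
    return [ledger.request(s) for s in sessions]


def software_assigned(sessions=SESSIONS) -> list:
    """Review signal only: many phones randomise their MAC by default."""
    return [s["mac"] for s in sessions if is_locally_administered(s["mac"])]


if __name__ == "__main__":
    print("keyed on MAC:    ", granted("mac"))      # quota resets with each new MAC
    print("keyed on account:", granted("account"))  # quota holds
    print("software-assigned MACs:", software_assigned())
```

The MAC-keyed ledger refuses the third request and then grants the fourth and fifth, while the account-keyed ledger refuses everything after the second.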

But Wait! There's more!

Want more potential problems? How about the opportunity for hackers to mount "Man In The Middle" attacks? This was covered nicely by my esteemed and mysterious colleague, Ms. Smith, in her article "Evil Xfinity Wi-Fi access point proof-of-concept for fun, profit and Comcast chaos."

Comcast's representative was at pains to promote the idea that customer security and service integrity are of paramount concern, but given that the Xfinity routers still allow for Wi-Fi Protected Setup (WPS), a feature that has been well-known for a long time to be one of the least secure methods of authentication, combined with all of the other ways that Xfinity public access could be insecure, I'd say the entire plan is flawed.

Be all of that as it may, the Comcast representative told me the company expects to have 8 million customers with the public access feature enabled by year end. You might accuse me of being too cautious and therefore overly critical of this strategy, but one of the things we've all seen time and time again is that when it comes to digital communications the chances of unintended consequences messing everything up are directly related to scale, and with 8 million customers involved, the odds of serious problems emerging are very, very high.
