Comcast said it has removed two vulnerabilities unearthed by a security researcher that could be used by hackers to expose partial home addresses and the Social Security numbers of the cable operator's broadband customers.
One of the vulnerabilities uncovered by security researcher Ryan Stevenson centered on an in-home authentication portal that lets customers pay bills without signing in with their credentials. Instead, they can verify their account by picking one of four suggested partial home addresses, according to BuzzFeed News, which first reported the issue. The portal treats a request as "in-home" based on the client's apparent IP address. If an attacker set the `X-Forwarded-For` HTTP header, which proxies use to pass along the originating IP address of a client device, so that a request appeared to come from the targeted customer's connection, they could refresh the login page to obtain the customer's partial home address, the report explained.
The second vulnerability uncovered by Stevenson centered on a sign-up page on a website associated with one of Comcast's authorized sales agents. According to the report, an attacker who already knew a customer's billing address could use the sign-up page to uncover the last four digits of the customer's Social Security number. A home address and the last four digits of a Social Security number are commonly used as identity-verification answers elsewhere, which is why the combination could be exploited to access other types of accounts.
Comcast confirmed that the vulnerabilities were legitimate and said it plugged them quickly, before, it believes, anyone could exploit them. BuzzFeed News noted that Comcast, as a preventive measure, "put a strict rate limit on the portal" and now requires customers to enter their personal information manually to verify their accounts, rather than choosing from a list of suggested addresses.
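To make the two points above concrete, the following is an added example, not code from Comcast or from the BuzzFeed report, showing (a) an "in-home" lookup that trusts whatever `X-Forwarded-For` says, so a direct client can spoof it, beside a hardened version that only honours the header when the request actually arrived through one of the operator's own proxies, and (b) a sliding-window rate limit on verification attempts of the kind described as the mitigation. The subscriber table, the IP addresses, the trusted-proxy range and the request data are all constructed for the example.

```python
"""Added illustrative example (not Comcast's code): spoofable vs. hardened
X-Forwarded-For handling for an "in-home" address-hint portal, plus a
per-account attempt limiter.  All data below is constructed."""
import ipaddress
import time
from collections import defaultdict, deque

# Constructed sample data: which public IP a (hypothetical) subscriber's
# gateway currently holds, and the partial-address hint the portal shows.
SUBSCRIBER_IP = {
    "198.51.100.23": {"account": "ACCT-0001", "partial_address": "12** Main St"},
}

# Assumption for the example: only the operator's own reverse proxies /
# load balancers in this range are allowed to append X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def client_ip_naive(remote_addr, headers):
    """Vulnerable: believes the header no matter who sent it.  Anyone who
    connects directly can claim to be the subscriber's home connection."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()     # leftmost hop = "original client"
    return remote_addr


def _is_trusted_proxy(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_hardened(remote_addr, headers):
    """Hardened: ignore the header unless the TCP peer is one of our proxies,
    then walk the hop list from the right, discarding only our own proxies.
    The rightmost hop that is not ours is the real client; anything a client
    put into the header itself ends up further left and is never used."""
    if not _is_trusted_proxy(remote_addr):
        return remote_addr                   # direct connection: header is noise
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    while hops and _is_trusted_proxy(hops[-1]):
        hops.pop()
    return hops[-1] if hops else remote_addr


class AttemptLimiter:
    """Sliding-window limit on verification attempts per key (the target
    account), so repeatedly refreshing cannot be used to enumerate hints."""

    def __init__(self, max_attempts, window_s, clock=time.monotonic):
        self.max, self.window, self.clock = max_attempts, window_s, clock
        self.log = defaultdict(deque)        # key -> timestamps of recent attempts

    def allow(self, key):
        now = self.clock()
        q = self.log[key]
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max:
            return False
        q.append(now)
        return True


def address_hint(remote_addr, headers, resolve_ip, limiter=None):
    """Return the partial-address hint for the apparent in-home subscriber,
    or None when the request is not recognised as in-home or is rate-limited."""
    sub = SUBSCRIBER_IP.get(resolve_ip(remote_addr, headers))
    if sub is None:
        return None
    if limiter is not None and not limiter.allow(sub["account"]):
        return None
    return sub["partial_address"]


def demo_spoof():
    """Attacker at 203.0.113.7 claims the victim's IP in the header."""
    victim, attacker, proxy = "198.51.100.23", "203.0.113.7", "10.0.0.5"
    spoofed = {"X-Forwarded-For": victim}
    naive = address_hint(attacker, spoofed, client_ip_naive)                 # leaks hint
    hardened_direct = address_hint(attacker, spoofed, client_ip_hardened)    # None
    # Same attacker, but going through our proxy, which appends the real peer:
    via_proxy = {"X-Forwarded-For": f"{victim}, {attacker}"}
    hardened_via_proxy = address_hint(proxy, via_proxy, client_ip_hardened)  # None
    genuine = address_hint(proxy, {"X-Forwarded-For": victim}, client_ip_hardened)
    return naive, hardened_direct, hardened_via_proxy, genuine


def demo_rate_limit():
    """Three attempts per 60 s per account; a fake clock makes it deterministic."""
    now = [0.0]
    limiter = AttemptLimiter(max_attempts=3, window_s=60, clock=lambda: now[0])
    req = ("10.0.0.5", {"X-Forwarded-For": "198.51.100.23"}, client_ip_hardened, limiter)
    results = [address_hint(*req) is not None for _ in range(5)]
    now[0] = 61.0                            # window has expired
    results.append(address_hint(*req) is not None)
    return results                           # [True, True, True, False, False, True]


if __name__ == "__main__":
    print(demo_spoof())
    print(demo_rate_limit())
```

The hardened resolver's rule is the general one: trust `X-Forwarded-For` only when the connection itself came from a proxy you operate, and then take the rightmost address that is not one of your proxies. Using the leftmost address, as the naive version does, is the common mistake, because that is the one a client controls.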
"We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers," a Comcast spokesman said in a statement. "We take our customers' security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report."
Stevenson was also behind another vulnerability, uncovered in May, in Comcast's activation portal for broadband gateways. In that case, an attacker could obtain a Comcast customer's WiFi credentials (gateway configuration data rather than customer account data) if they were able to get their mitts on a discarded bill or email from the operator. At the time, Comcast said it removed the option that exposed the vulnerability and opened an investigation.
Although Comcast learned of the latest vulnerabilities via BuzzFeed rather than through its own disclosure channel, the company, which ended Q2 2018 with 24.44 million residential high-speed internet customers, does provide a portal through which researchers can report potential security issues.
According to that site, Comcast defines a security vulnerability as an "unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services." But the MSO also acknowledges that it does not offer a bounty program or provide compensation for security vulnerability submissions.
— Jeff Baumgartner, Senior Editor, Light Reading