The first problem with the Comcast claim that the guest network is separate from the homeowners private network is that there are no technical details on how this is done. The data traffic needs to be separate over the air, in the router and as far as anyone on the Internet can discern.
Comcast has not said if xfinity wifi traffic is encrypted over the air, a huge omission. Their FAQ page has one relevant sentence: "Whenever you sign in, we help protect your privacy and the safety of your Comcast Email or username and password by providing 128-bit encryption on the sign in page". In other words, their sign-in page uses HTTPS. WPA2? None of our business.
Heck, they don't even say which Wi-Fi frequency band (2.4GHz or 5GHz) they use.
Is this…show more content… Another security issue involves the user_id/password used to logon to XFINITY WiFi. It is the same one used to logon to the Comcast website to manage an account. If a bad guy got hold of it (more on this below) there is a huge potential for abuse.
They can see your billing details and read your webmail. They can add HBO and Cinemax to your account. Worst of all, they can logon to XFINITY WiFi as you, do something illegal and have everything point back to you.
A much better approach would have been for Comcast to let their customers create a new user_id and password, one that is only valid for XFINITY Wi-Fi. Better yet, there should be a Wi-Fi only userid/password for each member of the family. A single user_id/password being used for everything is too tempting a…show more content… I suspect, however, that it is a big security flaw.
How does this work? Needless to say at this point, I could find no relevant DOCUMENTATION.
How might it work?
If Comcast required their software on wireless devices, then their software could generate some type of unique identifier that was only known to Comcast. But their software is not required. Any wireless enabled device can logon to XFINITY WiFi. So, how might Comcast uniquely identify a particular device?
By MAC address (MAC, all upper case, is a network identifier; Mac, with the ac in lower case, is a computer from Apple).
All wired and wireless network hardware has a unique 48 bit identifier called a MAC address. From the start, MAC addresses were designed to be globally unique. The first 24 bits identify the company that made the hardware, the last 24 bits function as a serial number for the device.
A router has at least three MAC addresses, one for its WAN connection to the Internet, one for its LAN connection and one for its Wi-Fi radio. A dual band router will have a MAC address for each wireless band. You can usually find the MAC addresses of a router on a sticker on the