# Comcast Is Turning Customer Routers Into Public WiFi Spots



## newtekie1 (Jun 10, 2013)

> Are you a Comcast or Xfinity customer? If so, there’s an exciting new initiative Comcast is trying to make you be a part of without asking. Namely one where, if you’ve got the latest version of Comcast’s WiFi “gateway,” you’ll not only be broadcasting your own private signal, but a public one! That any Comcast subscriber can use! Without your knowledge!

http://www.uproxx.com/technology/2013/06/comcast-makes-customer-routers-public-wifi-points

Now I will say that the article makes an extremely big deal out of this, and I don't believe it is nearly as big of a deal as they make it out to be.  And they make such a big deal because of the author's obvious lack of knowledge on the subject.  

First, it is entirely possible to do this without affecting your bandwidth.  Comcast has an insane amount of bandwidth, they offer a 200Mbps connection.  So if you have a 50Mbps connection, that is 150Mbps that is going unused, that can be used by the public wi-fi without affecting your connection speed at all.  Also, Comcast has a very good grasp of what the connection to your home is capable of.

Second, they are wrong in assuming that if enough people connect to the public wi-fi it will eventually have to slow down your connection.  QoS would prevent this, it would always give the private network priority.  Also, if the connection is partitioned properly the public traffic will never use private bandwidth. If the line coming into your home is capable of 75Mbps and the router is set up to use a 15MBps connection for the public wi-fi, then it will get 15Mbps and only 15Mbps, while you happily get a constant 50Mbps and there is 10Mbps to spare.  Yes, the public will have to share the 15Mbps, but for a public connection that is fine, even with a lot of users.

Third, the claim that someone will figure out how to hop from the public to the private.  Well, there have been routers with guest wi-fi on the market for years now and I don't know of a single instance of someone figuring out how to get onto the private network using a guest connection.  Also, if the gateway itself actually is two different routers in one box then this would be physically impossible to do anyway.


----------



## brandonwh64 (Jun 10, 2013)

LOL wow! I work for a telecommunications provider and my coworkers are baffled that they would do that.


----------



## newtekie1 (Jun 10, 2013)

brandonwh64 said:


> LOL wow! I work for a telecommunications provider and my coworkers are baffled that they would do that.



I'm not, I'm sure it is a reaction to Google's public wi-fi efforts.  Sort of a "Hey, look at us!  We do that too!"

To me it makes sense, and it is actually a good thing.  Especially since I'm a Comcast customer and get to benefit from free public wi-fi.  Though in today's day and age, I'm never really that far away from a Starbucks or McDonalds that offer free public wifi anyway, but those places usually have horribly slow connection.  This Comcast public wi-fi would actually be fast.  And considering most homes in the Chicago/NWI area have Comcast connection capable of at least 100Mbps, and most are using the basic 25Mbps plan, that is a shitload of unused bandwidth Comcast has to play with.


----------



## brandonwh64 (Jun 10, 2013)

We offer a form of free wifi but they are separate from the retail customers network and are run off a wireless controller that is monitored. Would you want anyone on your home router that is not a member of your household without your permission?


----------



## Easy Rhino (Jun 10, 2013)

that seems like a terrible thing to do. thankfully i am a FIOS customer and kicked Comcast down the road a long time ago.


----------



## dir_d (Jun 10, 2013)

Seems like an excellent idea as long as it is basically on another vlan, connection or channel and has no effect on your connection at all. If comcast has the extra bandwidth it doesn't matter.


----------



## newtekie1 (Jun 10, 2013)

brandonwh64 said:


> Would you want anyone on your home router that is not a member of your household without your permission?



I already have a guest wlan available already for anyone to use, so yes.


----------



## FordGT90Concept (Jun 10, 2013)

Do you have a password on the guest WLAN?


----------



## cadaveca (Jun 10, 2013)

brandonwh64 said:


> We offer a form of free wifi but they are separate from the retail customers network and are run off a wireless controller that is monitored. Would you want anyone on your home router that is not a member of your household without your permission?



I have both cable TV and internet on the same FIOS service. What Comcast is doing is technically no different. The routers are capable of running multiple connections on different domains, so traffic from one doesn't interfere with another. My actual connection is now 50 Mb/s, but only 19 Mb/s is allowed for internet service, via specific IP routing assigned to the internal switch. TV service offers up to 6 IP addresses via a separate domain using the remaining bandwidth, via the same switch, but when the devices connect, the custom firmware identifies the device as requiring the alternate domain. Setting that up to be for WiFi instead of TV makes perfect sense, and it is easy to see how they can regulate it to work for Comcast subscribers only. The only thing that sucks is you pay to electrically power the connection. They pump 100 Mb/s to your house, give you 50, leave 50 for public access. With the proliferation of devices already in existing homes, things like mobile WiFi within the Comcast network can work well, and travelling users won't remain on any one person's connection for very long. Set up properly, there will be continuous high-speed WiFi available anywhere you go in any metropolitan center. It also covers the legal side of things of people using your connection, since the WiFi would be considered its own private network.


----------



## Easy Rhino (Jun 10, 2013)

cadaveca said:


> I have both cable TV and internet on the same FIOS service. What Comcast is doing is technically no different. The routers are capable of running multiple connections on different domains, so traffic from one doesn't interfere with another. My actual connection is now 50 Mb/s, but only 19 Mb/s is allowed for internet service, via specific IP routing assigned to the internal switch. TV service offers up to 6 IP addresses via a separate domain using the remaining bandwidth, via the same switch, but when the devices connect, the custom firmware identifies the device as requiring the alternate domain. Setting that up to be for WiFi instead of TV makes perfect sense, and it is easy to see how they can regulate it to work for Comcast subscribers only. The only thing that sucks is you pay to electrically power the connection. They pump 100 Mb/s to your house, give you 50, leave 50 for public access. With the proliferation of devices already in existing homes, things like mobile WiFi within the Comcast network can work well, and travelling users won't remain on any one person's connection for very long. Set up properly, there will be continuous high-speed WiFi available anywhere you go in any metropolitan center. It also covers the legal side of things of people using your connection, since the WiFi would be considered its own private network.



awesome! now it is even easier to steal people's identities! all i have to do is spoof a comcast hotspot and packet log everything. i can then use their creds to steal their ACTUAL comcast wifi service and employ all sorts of malicious attacks without anyone knowing who i am! let the cyberwar begin!


----------



## cadaveca (Jun 10, 2013)

Easy Rhino said:


> awesome! now it is even easier to steal people's identities! all i have to do is spoof a comcast hotspot and packet log everything. i can then use their creds to steal their ACTUAL comcast wifi service and employ all sorts of malicious attacks without anyone knowing who i am! let the cyberwar begin!



technically possible, but I challenge you to actually do it.

No one's cracked Gabe Newell's STEAM account yet...since it's tied to his physical hardware. This is where the firmware comes in. You need some serious hardware hacking skills PLUS software to do this one, and few have those skills.


Just sayin. I won't buy into your side of this myself, but at the same time, I'm the one that refuses to use a cellphone since I feel they are personal tracking devices.


----------



## Nordic (Jun 10, 2013)

I personally don't like how users can't opt out of this. Or can they by using their own router?


----------



## Easy Rhino (Jun 10, 2013)

cadaveca said:


> technically possible, but I challenge you to actually do it.
> 
> No one's cracked Gabe Newell's STEAM account yet...since it's tied to his physical hardware. This is where the firmware comes in. You need some serious hardware hacking skills PLUS software to do this one, and few have those skills.
> 
> ...



i don't need to hack anything. all i have to do is set up a mobile hotspot called 'comcast' or whatever comcast is going to use as their naming convention and trick somebody to log into it. since i won't have any sort of encryption on i will get their login/pass in clear text and then use that to login to their actual comcast account using a proxy service to make me anonymous. i can pull up their billing address from their account, drive over there and login to their private wifi. now i am on their network get a list of valid mac addresses. log out. log back in, wipe the router log files and mount an attack.


----------



## cadaveca (Jun 10, 2013)

Easy Rhino said:


> all i have to do is set up a mobile hotspot called 'comcast' or whatever comcast is going to use as their naming convention and *trick somebody to log into it*



That's using social engineering, and is hardly hacking in my books. Anyone can look over someone's shoulder and steal passwords, and I fail to see any skill involved. It's also not exactly THAT simple, but for current connections, most likely so. You can walk by someone (and you don't have to be that close, either) and steal CC data already. Big deal.


----------



## Easy Rhino (Jun 10, 2013)

cadaveca said:


> That's using social engineering, and is hardly hacking in my books. Anyone can look over someone's shoulder and steal passwords, and I fail to see any skill involved. It's also not exactly THAT simple, but for current connections, most likely so.



social engineering is how people obtain private information these days. i consider it hacking.


----------



## cadaveca (Jun 10, 2013)

Easy Rhino said:


> social engineering is how people obtain private information these days. i consider it hacking.



Meh. It's too easy to be considered hacking, in my books. I'm not saying the system is perfect, and at the same time, things like you mention aren't things that concern me. Here I sit in my living room, testing motherboards and crap all day, broadcasting it all via teamspeak that anyone can log into. Privacy is detrimental to my success.

But everyone having access to high-speed WiFi, now that's something I can make money with. Bring it on.


----------



## Easy Rhino (Jun 10, 2013)

cadaveca said:


> Meh. It's too easy to be considered hacking, in my books. I'm not saying the system is perfect, and at the same time, things like you mention aren't things that concern me. Here I sit in my living room, testing motherboards and crap all day, broadcasting it all via teamspeak that anyone can log into. Privacy is detrimental to my success.
> 
> But everyone having access to high-speed WiFi, now that's something I can make money with. Bring it on.



yea, it isn't technically challenging but you still have to have an understanding of the underlying systems and the savvy to trick people.


----------



## newtekie1 (Jun 10, 2013)

FordGT90Concept said:


> Do you have a password on the guest WLAN?



No, I just have it throttled to 1Mbps on ports 80, 443, 53, 110, 25, 465, 587 and it drops to 56Kbps on any data transfer larger than 512KB.  All other ports are limited to 1Kbps at all times.  Anyone can access it, it works for doing basic tasks like checking email, or connecting a smartphone to so they aren't using their data connection.  But not really practical for doing anything else and anyone that thinks they can hop on it to download massive files better be really desperate.



james888 said:


> I personally don't like how users can't opt out of this. Or can they by using their own router?



They can opt out of it even if you use Comcast's routers.  But, yes, you can also use your own equipment as well.



Easy Rhino said:


> i don't need to hack anything. all i have to do is set up a mobile hotspot called 'comcast' or whatever comcast is going to use as their naming convention and trick somebody to log into it. since i won't have any sort of encryption on i will get their login/pass in clear text and then use that to login to their actual comcast account using a proxy service to make me anonymous. i can pull up their billing address from their account, drive over there and login to their private wifi. now i am on their network get a list of valid mac addresses. log out. log back in, wipe the router log files and mount an attack.



That argument applies to any public wi-fi scenario.
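
The guest-WLAN throttling policy described at the start of this post, modelled as a per-transfer shaper (an added example, not code from the poster or from any router firmware). It assumes decimal bit rates, reads 512KB as 512 * 1024 bytes, and assumes the rate drops once a single transfer has moved that much; `Flow`, `forward` and `transfer_seconds` are hypothetical names.

```python
from dataclasses import dataclass

# Policy figures from the post; the unit conversions are assumptions.
FAST_PORTS = frozenset({80, 443, 53, 110, 25, 465, 587})
FAST_BPS = 1_000_000          # 1Mbps on the listed ports
SLOW_BPS = 56_000             # 56Kbps once a transfer passes the threshold
OTHER_BPS = 1_000             # 1Kbps on every other port
THRESHOLD_BYTES = 512 * 1024  # "larger than 512KB"


@dataclass
class Flow:
    port: int
    sent: int = 0          # bytes already forwarded for this transfer
    free_at: float = 0.0   # time the shaper finishes the previous packet

    def rate_bps(self) -> int:
        """Rate the policy currently grants this transfer."""
        if self.port not in FAST_PORTS:
            return OTHER_BPS
        return FAST_BPS if self.sent < THRESHOLD_BYTES else SLOW_BPS

    def forward(self, arrival: float, size: int) -> float:
        """Shape one packet and return the time its last byte leaves."""
        t = max(arrival, self.free_at)
        remaining = size
        while remaining:
            rate = self.rate_bps()
            if rate == FAST_BPS:
                # Only the bytes below the threshold go out at the fast rate.
                chunk = min(remaining, THRESHOLD_BYTES - self.sent)
            else:
                chunk = remaining
            t += chunk * 8 / rate
            self.sent += chunk
            remaining -= chunk
        self.free_at = t
        return t


def transfer_seconds(port: int, total_bytes: int, mtu: int = 1500) -> float:
    """Time to push total_bytes through one flow as back-to-back packets."""
    flow, done, left = Flow(port), 0.0, total_bytes
    while left > 0:
        size = min(mtu, left)
        done = flow.forward(0.0, size)
        left -= size
    return done


if __name__ == "__main__":
    # Constructed sample transfers: (label, port, size in bytes).
    for label, port, size in [("100 KB mail check", 443, 100 * 1024),
                              ("10 MB download", 443, 10 * 1024 * 1024),
                              ("100 KB over SSH", 22, 100 * 1024)]:
        print(f"{label:18s} port {port:3d}: {transfer_seconds(port, size):8.1f} s")
```
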


----------



## Easy Rhino (Jun 10, 2013)

newtekie1 said:


> That argument applies to any public wi-fi scenario.



yea, but now i can even collect comcast userid/passwords ! 

for instance, if you sit in a starbucks and create a "starbucks-pub" hotspot you will attract people to login. but you really only get unencrypted info. so if they visit any https page then it is pointless.

with a comcast guest public wifi i assume people who can login have to have a comcast account. i can capture their userid/password, get their entire account history, and target specific homes in my area. it also means i can use their credentials to login to any comcast public wifi spot across the country and it isn't like they would know. comcast is opening up a can of worms with this.

for this very reason i never ever login to a public wifi hotspot. i always use a 4g connection and from there use a VPN for anything identity related.


----------



## v12dock (Jun 10, 2013)

Sounds like an easy way to double your bandwidth.


----------



## newtekie1 (Jun 10, 2013)

Easy Rhino said:


> yea, but now i can even collect comcast userid/passwords !
> 
> for instance, if you sit in a starbucks and create a "starbucks-pub" hotspot you will attract people to login. but you really only get unencrypted info. so if they visit any https page then it is pointless.
> 
> ...



Again, that applies to pretty much any public hotspot and service.

Just set up a public hotspot that points to your own custom DNS server.  Redirect all DNS requests for Comcast.net, Yahoo.com, Gmail.com, ATT.net, etc. to your custom web server with sites for each one that looks identical to the real sites. Log what people put into the username and password fields on your custom site.  When they click log in redirect them to the real site's login page, they'll think they entered the wrong password and log in again, this time successfully and never be wiser that they just gave their username and password away.


----------



## OnePostWonder (Jun 11, 2013)

So would the people using your hotspot have the same external IP as you?  If that were the case, talk about a legal nightmare.  I know courts have already said an IP *does not* mean a person, but people are still capable of being convicted of a crime based solely on the fact that their IP requested or sent certain traffic.


----------



## AsRock (Jun 11, 2013)

james888 said:


> I personally don't like how users can't opt out of this. Or can they by using their own router?



By not having a wireless router ? hehe.

What i am not understanding is how can they use your router to do this as they would need permission to do it.  Sure if it was through the modem but router that shit don't even belong to them and maybe i should charge them $7 for rent as they used to for my modem lol.


----------



## Easy Rhino (Jun 11, 2013)

newtekie1 said:


> Again, that applies to pretty much any public hotspot and service.
> 
> Just set up a public hotspot that points to your own custom DNS server.  Redirect all DNS requests for Comcast.net, Yahoo.com, Gmail.com, ATT.net, etc. to your custom web server with sites for each one that looks identical to the real sites. Log what people put into the username and password fields on your custom site.  When they click log in redirect them to the real site's login page, they'll think they entered the wrong password and log in again, this time successfully and never be wiser that they just gave their username and password away.



Yup, but now I get the added benefit of connecting to any Comcast guest wifi hotspot across the country!!!


----------



## newtekie1 (Jun 11, 2013)

OnePostWonder said:


> So would the people using your hotspot have the same external IP as you?  If that were the case, talk about a legal nightmare.  I know courts have already said an IP *does not* mean a person, but people are still capable of being convicted of a crime based solely on the fact that their IP requested or sent certain traffic.



The public network is totally separated from the private, including having a separate public IP.



AsRock said:


> By not having a wireless router ? hehe.
> 
> What i am not understanding is how can they use your router to do this as they would need permission to do it.  Sure if it was through the modem but router that shit don't even belong to them and maybe i should charge them $7 for rent as they used to for my modem lol.



It isn't your router, they are doing this on the routers they provide customers.


----------



## AsRock (Jun 11, 2013)

newtekie1 said:


> The public network is totally separated from the private, including having a separate public IP.
> 
> 
> 
> It isn't your router, they are doing this on the routers they provide customers.



Ahh ok, i guess they will not be providing me one then.


----------



## Sasqui (Jun 11, 2013)

newtekie1 said:


> It isn't your router, they are doing this on the routers they provide customers.



Won't be leasing a comcast router anytime soon.


----------



## DRDNA (Jun 11, 2013)

james888 said:


> I personally don't like how users can't opt out of this. Or can they by using their own router?




There is an opt out feature on these routers, I read the article a few hours ago. What I don't like is no price break for the folks who do allow this on the routers in their homes using their electricity. I know the electricity is minimal but still!

Copy and paste from the article I read "This is an "opt-out" service, not "opt-in." As soon as you get one of these new WiFi routers for your home network, your neighbors who are Xfinity customers can get free bits from you."

http://finance.yahoo.com/news/comca...548f16a38&bcmt_s=u#mediacommentsugc_container


----------



## newtekie1 (Jun 11, 2013)

DRDNA said:


> There is an opt out feature on these routers, I read the article a few hours ago. What I don't like is no price break for the folks who do allow this on the routers in their homes using their electricity. I know the electricity is minimal but still!



The "price break" is that you get the ability to use the public wifi.




DRDNA said:


> Copy and paste from the article I read "This is an "opt-out" service, not "opt-in." As soon as you get one of these new WiFi routers for your home network, your neighbors who are Xfinity customers can get free bits from you."
> 
> http://finance.yahoo.com/news/comca...548f16a38&bcmt_s=u#mediacommentsugc_container



That logic makes no sense.  If they are your neighbors, and Comcast customers, why would they use your connection and not just use their own Comcast connection that they actually pay for? And even if they do for some stupid reason, if it has no effect on the bandwidth provided to you, what does it matter?


----------

