I'd like to find out if someone has already created a WiFi Pineapple with a copy of the xfinitywifi hotspot rolling out across the United States to steal ALL the user credentials, since at every hotspot Xfinity customers will attempt to log in, and it's not even their device, so the MAC address will change from hotspot to hotspot. The only thing the user sees is the ESSID?

I'm curious: at my house I see 3 devices in airodump, and one of them is open and its ESSID is xfinitywifi.

12:aa:bb:cc:dd:ee essid xfinitywifi open



Almost exact same MAC address... Are these access points outside on a phone pole? Maybe a stupid question lol

From what I've heard, Xfinity is rolling out its hotspots inside every customer's router they install. People were supposedly notified by mail about the hidden WiFi hotspot running on their routers, but some just don't read the mail. I honestly don't know how much more power the Xfinity routers eat up compared to normal routers, since basically you are running and feeding electricity to the thing so someone else can log in and use it... While you are renting the device you have the option to opt out of the WiFi hotspot feature and are able to turn it off so no one uses it, but some have reported that the option does not work as intended. If you want to be a true slave to Comcast, get Xfinity; they now make their customers eat the electricity bill too!

I wouldn't worry about the electricity bill. It's not like the device suddenly got a new radio/antenna. It basically sends out a second beacon: One for your AP as you know it, one for the XfinityWifi AP. You stand a chance of increasing the power use of the device by maybe a watt for the time someone actually makes use of the AP. If you worry about the cost of that, you've probably got bigger worries on your mind than the impact of this on the electricity bill.

As owner/operator of such a device there are other concerns though. Supposedly your router is strongly partitioned meaning that those on the extra AP are authenticated by the network rather than your device (typically via RADIUS which is very sniff-friendly) but I wonder how well this has been tested. Do those users get a different IP assigned to them from the router/network than what is used for your local LAN? Is the management interface of the router accessible for these people? The username/password combo for this tends to be rather weak and/or predictable.

Over here we have something similar, and if I wasn't living several stories up in an apartment building I'd be opting out of this feature unless I get some reassurances. Customers are incentivised to accept the deal by being given a few MB/s extra bandwidth which is designated for these external users, but free for you to use when no external users are attached. So in my case, unless these external users sprout wings to get within reach of my AP, I've basically been given a speed boost for free.

I haven't experimented with it as of yet, but Xfinity did note that those customers that have these routers do not get any additional bandwidth, nor "supposedly" does it take any away from them. I am not sure how they manage the connection, so it might be something worth exploring. My true concern was that there are many dummy xfinitywifi hotspots out there and you can't tell the real one apart from the fakes. Since only Xfinity customers are able to use their home logins to use these hotspots, a dummy xfinitywifi hotspot could become a very easy collection site for gathering all the Xfinity users' login information. So potentially you could get hundreds of thousands of logins and be able to log in under those credentials to a real xfinitywifi hotspot, which are located all over the place. And with this Comcast Time Warner merger, 2/3 of the United States will have those hotspots active.. 2/3 of the country! That's like having access to someone's cellphone use at any given time...

