Welcome to the community! Read our posting tips, and learn how to earn ranks, levels and badges to get started.
Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.
Happy posting!
Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.
Happy posting!
Does Fingbox have a serious vulnerability?
After spending all morning resetting my network and MacBook back to factory, I am now seeing something I’ve never seen before:
How is this even possible?!?! I have a Comcast Xfi router. I have no other routers or bridges to my knowledge but clearly something is wrong. All my settings were correct for about 1/2 hour after resetting everything; then I got the dreaded rogue access point notification showing two MAC addresses I don’t recognize. Also, the WiFi connection is being shown as
Tagged:
0
Answers
Yes, I am aware that it’s the Xfi router. I was trying to show the layer 3 forwarding which is not a normal state. When I first reset everything back to factory it says Dynamic IP. Within 1/2 hour, Fingbox starts blinking & I’m notified:
Wi-Fi Security Alert
New or Rogue Access Point detected: 80:D0:xxxxxxx on Wi-Fi XFINITY
An unknown Wi-Fi access point is transmitting using your Wi-Fi name (SSID).If it’s your new Access Point, or you just installed Fingbox, please acknowledge this in the mobile app by tapping on this alert from the Network tab.In other cases, it’s a malicious wireless access point that has been installed near your network without explicit authorization, with the intent of letting your devices connect and trying to steal your data.
I know all my Mac addresses by heart, plus I’ve never seen Fingbox identify 7 access points before.
Could it be that your isp remotely changed something in your router configuration that triggered Fing to alert this? Can you shut down UPNP on the router? In most home network situations its not needed and that would stop something on your network from opening that up on their own..
We designed this feature for you and this service is completely separate from your secure, private home WiFi network and allows guests to sign in and connect without sharing your secure network password. Your Home Hotspot is included with your service at no additional charge.
ref: https://www.xfinity.com/support/articles/xfinity-wifi-hotspots and https://www.xfinity.com/support/articles/disable-xfinity-wifi-home-hotspot
I believe those UPnP services are how that "hotspot" is created, within your router. The "Home Hotspot" is enabled, by default. The above link (second one) explains how you can turn that feature off, and you may note your router is one of the devices listed, that support it. Disabling the hotspot feature may disable the UPnP services you are seeing. Although it doesn't say, it may take 30 minutes for the feature to be setup, after a factory reset. It would appear UPnP and the Layer3Forwarding is a "normal state", for that particular router. The second link does, however, state it can take 24 hours for the change to take, when turning the feature off, or back on, within your "My Account".
Unfortunately, Comcast doesn't seem to have an "advanced" manual of the CGM4140COM "gateway". However, you can access it via the default IP address - http://10.0.0.1. There may be a setting in there, to turn UPnP off.
The Fingbox may be seeing the "xfinitywifi" hotspot signal as a "threat" to your network, even though it might not be, and is trying to provide a warning. Without knowing more, not sure about the "protecting 7 access points".