Does Fingbox have a serious vulnerability?

VABelle Member Posts: 69

After spending all morning resetting my network and MacBook back to factory, I am now seeing something I’ve never seen before:

How is this even possible?!?! I have a Comcast Xfi router. I have no other routers or bridges to my knowledge but clearly something is wrong. All my settings were correct for about 1/2 hour after resetting everything; then I got the dreaded rogue access point notification showing two MAC addresses I don’t recognize. Also, the WiFi connection is being shown as


Answers

  • Marc Moderator, Beta Tester Posts: 2,451
    Hi @VABelle, for the graphic above that shows Technicolor... Technicolor is actually the underlying manufacturer of the Comcast xFi router. Fing does that for some equipment, especially when a company like Comcast brands another manufacturer with its own name. I have both a garage door opener and an Amazon phone interface that display the same way.
    That's Daphnee, she's a good dog...
  • VABelle Member Posts: 69

    Yes, I am aware that it’s the Xfi router. I was trying to show the layer 3 forwarding which is not a normal state. When I first reset everything back to factory it says Dynamic IP. Within 1/2 hour, Fingbox starts blinking & I’m notified:

    Wi-Fi Security Alert

     

    New or Rogue Access Point detected: 80:D0:xxxxxxx on Wi-Fi XFINITY


    An unknown Wi-Fi access point is transmitting using your Wi-Fi name (SSID). If it’s your new Access Point, or you just installed Fingbox, please acknowledge this in the mobile app by tapping on this alert from the Network tab. In other cases, it’s a malicious wireless access point that has been installed near your network without explicit authorization, with the intent of letting your devices connect and trying to steal your data.

    I know all my Mac addresses by heart, plus I’ve never seen Fingbox identify 7 access points before.

  • Marc Moderator, Beta Tester Posts: 2,451

    Could it be that your ISP remotely changed something in your router configuration that triggered Fing to alert this? Can you shut down UPnP on the router? In most home network situations it's not needed and that would stop something on your network from opening that up on their own.

    That's Daphnee, she's a good dog...
  • Scooby Member Posts: 172
    If you factory reset your router, unfortunately, UPnP is enabled, by default, for most routers. If UPnP is enabled, then your router could be setting up those UPnP services. Also, Comcast has the Xfinity WiFi Hotspot feature, which:
    Your Xfinity Wireless Gateway broadcasts an additional “xfinitywifi” network signal, creating an extension of the Xfinity WiFi network right in your home.

    We designed this feature for you and this service is completely separate from your secure, private home WiFi network and allows guests to sign in and connect without sharing your secure network password. Your Home Hotspot is included with your service at no additional charge.

    ref: https://www.xfinity.com/support/articles/xfinity-wifi-hotspots and https://www.xfinity.com/support/articles/disable-xfinity-wifi-home-hotspot

    I believe those UPnP services are how that "hotspot" is created, within your router. The "Home Hotspot" is enabled, by default. The above link (second one) explains how you can turn that feature off, and you may note your router is one of the devices listed that support it. Disabling the hotspot feature may disable the UPnP services you are seeing. Although it doesn't say, it may take 30 minutes for the feature to be set up, after a factory reset. It would appear UPnP and the Layer3Forwarding is a "normal state", for that particular router. The second link does, however, state it can take 24 hours for the change to take, when turning the feature off, or back on, within your "My Account".


    Unfortunately, Comcast doesn't seem to have an "advanced" manual of the CGM4140COM "gateway". However, you can access it via the default IP address - http://10.0.0.1. There may be a setting in there, to turn UPnP off.


    The Fingbox may be seeing the "xfinitywifi" hotspot signal as a "threat" to your network, even though it might not be, and is trying to provide a warning. Without knowing more, not sure about the "protecting 7 access points".

    Marc
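
Added example (not part of the original posts, and not Fing's detection code): one way to triage a "same SSID, unfamiliar BSSID" alert like the one quoted above, given a list of beacons from a Wi-Fi scan. The SSID `HomeNet`, every MAC address and the function names are constructed for illustration; a BSSID that shares a known radio's vendor prefix (ignoring the locally-administered bit) is only flagged as a possible extra radio or virtual AP of the same gateway, to be confirmed on the router's admin page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str

def normalize(mac: str) -> str:
    """Return aa:bb:cc:dd:ee:ff regardless of input case or separators."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def vendor_prefix(mac: str) -> str:
    """First three octets with the locally-administered bit (0x02) cleared,
    so a virtual AP derived from a radio's base MAC still matches it."""
    mac = normalize(mac)
    return f"{int(mac[:2], 16) & 0xFD:02x}{mac[2:8]}"

def triage(beacons, home_ssid, known_bssids):
    """Map each observed BSSID to known / sibling-candidate / unknown / other-ssid."""
    known = {normalize(m) for m in known_bssids}
    prefixes = {vendor_prefix(m) for m in known}
    verdicts = {}
    for b in beacons:
        mac = normalize(b.bssid)
        if b.ssid != home_ssid:
            verdicts[mac] = "other-ssid"          # e.g. a separate hotspot network
        elif mac in known:
            verdicts[mac] = "known"
        elif vendor_prefix(mac) in prefixes:
            # Hint only: a BSSID can be spoofed, so confirm it on the router.
            verdicts[mac] = "sibling-candidate"
        else:
            verdicts[mac] = "unknown"             # unrelated hardware: investigate
    return verdicts

# Constructed sample data (not taken from the thread).
KNOWN = ["00:11:22:33:44:50"]
SCAN = [
    Beacon("00:11:22:33:44:50", "HomeNet"),       # the radio already on record
    Beacon("00-11-22-33-44-54", "HomeNet"),       # second band, same gateway prefix
    Beacon("02:11:22:33:44:58", "HomeNet"),       # locally-administered virtual AP
    Beacon("00:11:22:33:44:52", "xfinitywifi"),   # hotspot SSID, not the home SSID
    Beacon("AA:BB:CC:00:00:01", "HomeNet"),       # unrelated prefix on the home SSID
]

if __name__ == "__main__":
    for mac, verdict in triage(SCAN, "HomeNet", KNOWN).items():
        print(mac, verdict)
```
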
  • Marc Moderator, Beta Tester Posts: 2,451
    @Scooby, for most routers, when you turn off UPnP, does that also drop the port that was opened or do they remain open regardless?
    That's Daphnee, she's a good dog...
  • Scooby Member Posts: 172
    @Marc, as far as I know, the port(s) will be dropped on the router, when UPnP is turned off, on the router.
  • VABelle Member Posts: 69
    edited March 2020
    I have disabled the UPnP function in the router (10.0.0.1) but it does not change the layer 3 forwarding whatsoever. I have the Hotspot disabled as well. What's happening is that the normal router address changes from 10.0.0.1 to 172.16.12.116 which WhoIs? shows it only as a private address. The trace route on that IP shows it going all over the place, starting out as a 10.7.8.1 address, then going to a number starting with 89.187xxxxxcdn77.com; hop #10 is a number starting with 38.88.xxx; hop #24 is also 38.88.xxxxx; then it goes to "unreachable."