Two California residents have filed a class-action suit against Comcast in federal court for using their home’s wireless router in an effort to create a nationwide network of public WiFi hotspots.
The plaintiffs, Toyer Grear and his daughter, Jocelyn Harris, accused Comcast of “exploiting them for profit,” in the suit filed in U.S. District Court in San Francisco.
Indeed, to compete with large cell phone providers, the company is attempting to build its Xfinity WiFi Hotspot network, a second high-speed internet channel using its customers’ wireless gateway modems. That channel, separate from the one used by its customers, would be the purview of houseguests and customers who are using mobile devices while in range of one of the network. Comcast’s goal is to expand the network to include eight million hotspots by year’s end and to over coverage in 19 of the largest cities in the U.S.
Customers lease their modems from the company, which began activating the network in the Bay Area last fall. While its customers can opt out of the second channel, Grear and Harris contend in the suit that Comcast doesn’t “obtain the customer’s authorization prior to engaging in this use of the customer’s equipment and Internet service for public, non-household use.” And, they contended, customers must bear “the costs of its national WiFi network,” citing a text by Speedify, a Philadelphia-based company, that tested the Internet channel and found that it would put “tens of millions of dollars per month of the electricity bills needed to run their nationwide public Wi-Fi network onto consumers.”
Calling home cable modems “very much ‘Plug-and-Pray’ (plug it in, pray there are no issues),” Trey Ford, Global Security Strategist at Rapid7, maintained, in comments emailed to SCMagazine.com, that Internet Service Providers (ISPs) “have a poor track record of patch management” for customer premise equipment (CPE). The modems, he said, “are fraught with security issues but vendors are more concerned with making them easy to use than safe, stable and secure for the user.”
The suit also said that tests showed that when the secondary channel is used heavily, customer electricity bills go up 30 to 40 percent.
In addition, the set-up “subjects the customer to potential security risks” by enabling strangers to access the internet through customer routers “with the customer having no option to authorize” or control its use. As homes in the U.S. become more connected to the internet, “having a safe edge [like a cable modem] is extremely important,” Ford said. “I hope that Comcast has done a good job segmenting the ‘guest’ network from the subscriber’s ‘home network,’ which is critical to the security of users who are forced to partake in this initiative.”
He warned guests to the network to protect themselves because “this wireless network is completely unencrypted.”
In the future, Ford expects security researchers to come down hard on Arris 852 and 862 wireless routers, examining them for security vulnerabilities and holding vendors accountable “in coordinated disclosure processes for any identified flaws.” He warned Comcast and Arris to “efficiently respond to vulnerability notifications from the research community” because the “vulnerabilities will not only bring press attention, but they will likely be referenced” in the Grear-Harris suit.
The father-daughter duo also claimed they’ve experienced “decreased, inadequate speeds on their home Wi-Fi network,” as a result of Comcast’s secondary channel.
They are seeking an injunction against Comcast, forbidding the company from using home wireless routers as part of its public hotspot network as well as unspecified damages because, they said, Comcast violated the Computer Fraud and Abuse Act, California’s Unfair Competition Law, and the state’s Comprehensive Computer Data Access and Fraud Act, California Penal Code.