Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,807,855

members

13

online now

1,953,719

discussions

Top

X1 xtv.comcast.net HUGE FLAW and companion XFinity TV App!!

New Poster

X1 xtv.comcast.net HUGE FLAW and companion XFinity TV App!!

With the implementation of the 300 GB monthly limit, security measures must be in place regarding the X1 platform to make it comparable to the security measures that are currently in place with older generation of Xfinity.

 

Specifically, there are two security measures that are missing and must come into fruition in order to ensure that XFinity X1 users can have a better assurance that the data usage that was/is being used were originated by the actual owner.

 

1. Auto Authentication is not available for xtv.comcast.net and/or for the X1 companion app, the XFinity TV providing an option to turn it on and off. For example, if a XFinity ID and/or password is changed, if that previous ID and password has been hacked, a prior cookie/cached link will still permit the hacker to access the account through xtv.comcast.net and/or the XFinity TV app for X1 because auto authentication is not available to prompt a re-entering of the ID and/or password. The change of the XFinity ID and/or password by the X1 subscriber does not automatically log out all of the devices in comparison with the traditional XFinity. This could be because the X1 is cloud based. 

 

2. Devices are unable to be readily determined that used the xtv.comcast.net and/or X1 companion app, XFinity TV. The devices can currently be determined on the Gateway network at home but there is no way to check MAC addresses for xtv.comcast.net and/or the XFinity TV app for X1. 

 

I've spoken with CSA (Comcast Security Assurance), High Level Internet Team, as well as the X1 team who have all confirmed that these security measures are lacking and currently not in place. As mentioned above, since the 300 GB policy has been instilled, XFinity must make sure that, at minimum, these two options should be a standard practice to ensure that customers are being charged accordingly on the X1 platform. Until, these two options are available, this is considered an unfair business practice of XFinity to its X1 subscribers. 

Service Expert

Re: X1 xtv.comcast.net HUGE FLAW and companion XFinity TV App!!


lawgyrl wrote:

With the implementation of the 300 GB monthly limit, security measures must be in place regarding the X1 platform to make it comparable to the security measures that are currently in place with older generation of Xfinity.

 

Specifically, there are two security measures that are missing and must come into fruition in order to ensure that XFinity X1 users can have a better assurance that the data usage that was/is being used were originated by the actual owner.

 

1. Auto Authentication is not available for xtv.comcast.net and/or for the X1 companion app, the XFinity TV providing an option to turn it on and off. For example, if a XFinity ID and/or password is changed, if that previous ID and password has been hacked, a prior cookie/cached link will still permit the hacker to access the account through xtv.comcast.net and/or the XFinity TV app for X1 because auto authentication is not available to prompt a re-entering of the ID and/or password. The change of the XFinity ID and/or password by the X1 subscriber does not automatically log out all of the devices in comparison with the traditional XFinity. This could be because the X1 is cloud based. 

 

2. Devices are unable to be readily determined that used the xtv.comcast.net and/or X1 companion app, XFinity TV. The devices can currently be determined on the Gateway network at home but there is no way to check MAC addresses for xtv.comcast.net and/or the XFinity TV app for X1. 

 

I've spoken with CSA (Comcast Security Assurance), High Level Internet Team, as well as the X1 team who have all confirmed that these security measures are lacking and currently not in place. As mentioned above, since the 300 GB policy has been instilled, XFinity must make sure that, at minimum, these two options should be a standard practice to ensure that customers are being charged accordingly on the X1 platform. Until, these two options are available, this is considered an unfair business practice of XFinity to its X1 subscribers. 


the streaming to any device in your home does not count against your 300gbyte bucket. If you download a recording to your smart phone/tablet it does not count. When you are streaming a goTV channel using any other internet provider (say a hospital or airport or restaurant) the traffic is not counted. BUT if you go to a comcast hotspot or use xfinitywifi ssid in home or away from home yes counts toward the 300gb. In your scenario a hacker has access to stream away from your home... the streamed bytes etc do not count toward your bucket unless they are at an xfinitywifi hotspot. 

 

Just happens I changed my comcast password (was lastpass generated 24 characters random letters, punctuation, and numbers because the A&E app's verification to xfinity has a bug. When I changed it about an hour later my son called me and asked why I changed password that the tv app wanted a sign in again. Anyway, please write back if I misunderstood you.




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Discussion stats
  • 1 reply
  • 748 views
  • 0 kudos
  • 2 in conversation