X

Visitor

 • 

13 Messages

Thursday, April 14th, 2022 8:29 PM

Closed

Router Hacking

Hello. I am at the end of my rope and really need some help.  On February 20, 2022 my android phone was hacked. My antivirus picked it up and with it, it brought updates for applications I didn’t even have. Nefarious permissions like read data, Extract data, admin over my Bluetooth, admin over my Wi-Fi, ability to read and write things into the phone, etc.

 I have since then been through 5 phones and 5 routers because this hacking has followed me from device to device. For the life of me I could not figure out how or what was happening. I have six level 2 security tickets and basically had to figure out what was going on without any network and cyber security experience whatsoever. 

What I have uncovered is that this issue is in my router and the existing settings somehow remain there even with new routers. 

I have noticed that when installing a new router that there was some unrecognized devices on my app even before plugging the new router in. An ASUS device, and four Intel devices. I was ON THE PHONE with Xfinity during one of these occasions and the young lady thought it was strange and said she would escalate it. 

The next two times a technician came to me. The first one saw the devices out there even BEFORE the new router was plugged in, again. and said it was over his head. The next guy after that said it sounds like spyware of some sort. I thought having a technician would help matters - but they are not well versed in this area and advised I call the security team. The folks that came out were as helpful as they could possibly be but were unable to help with this.

I have went down a rabbit hole of learning what could go wrong and after two months, I have discovered the issue in my network. Somehow, it appears that my routers are being cloned along with device IP information, and that settings on said router (or line) are carrying over to each device. 

there are open ports, port forwarding, UpNP service enabled, Apache Web Services on port 8080 and some sort of sub network set up? “C” network using 10.0.0/24 instead of 10.0.0.1

To my understanding- an Xbox One and Roku TV are somehow being used to mirror every move I make.

I authorized none of this. I don’t know how to log into my router and fix this. I can log in, but I don’t know what to do to fix this from there. I also notice that there is activity on my event logs that I did not do. My devices have been cloned so it appears as if the changes are coming from ME. 

Whoever is doing this is a step ahead all the time - they are using keyloggers of sorts and know all of my password changes as I make them. 

I have been bounced around from tech support and security team to get some guidance on this and no one has the knowledge to assist. This has impacted my life to a great magnitude personally and professionally. I am having trouble understanding why there is no one that can assist. I’ve also been to Apple Support, other phone providers , manufacturers, the police to no avail. 

The Xfinity app on my phone is also spoofed. My internet is censored.  It says I don’t have port forwards when I do. I get redirects and syncs on most websites. I am worried this will be intercepted too like many other attempts at obtaining help. This is way over my head. The hacker doing this knows what I’m going to do before I do. I have many pieces to this puzzle, just not the knowledge to put it together. Any safety software I use gets exploited like Xfi, Malwarebytes, Norton and VPNs. It’s a plot tunnel with two devices every time. 

Please direct me to someone qualified to assist me. Someone who knows what questions to ask. With all of the technological vulnerabilities and the state of the world we are in - it is very concerning that there isn’t someone who CAN have a conversation or look into this!!

I have emailed abuse email almost two weeks ago multiple times and have not heard back. As concerning as that is, I am wondering if it ever made it to your actual inbox. Whatever is hacking me has made it very hard to seek assistance from anyone. You can look at my call history as well. I have called and called. I would not like to think that you guys would drop the ball on something like this. Things are happening with my technology that have never happened before. Please assist? I feel as if my safety is at risk and no one is helping. 

Problem Solver

 • 

502 Messages

3 years ago

Hi @XfinCustomerX10! Thank you for reaching out to the Xfinity Forums for assistance with this security issue. I'm so sorry to see that's been happening! It's important you have a safe online experience and the peace of mind to connect your devices securely. Our Customer Security Assurance Team would be the best to help with making sure that's the case! They are the experts with online safety for you and your connected devices. You can report suspicious online/connection activity to them on their website or call them at 1-888-565-4329 between 6:00am - 2:00am EST, 7 days a week.

Visitor

 • 

13 Messages

@XfinityCassandra​ Thank you so much for the response! I have a total of six level two security tickets in with them. They cannot seem to get me past level two. I keep going back and fourth between tech support ( who drops the ball the second I ask for guidance on how to configure my router, disable port forwarding, etc. )

Security Assurance has been unable to help. I went by the Xfinity store the other day and they had advised me to ask for a level three coach in PA. I could not get anyone onboard to do so and essentially have been told to go to the police (which I have multiple times) and hire a network specialist. The network specialists are thousands and I cannot afford one. With all due respect, my Xfinity bill for internet only is 180/month plus another 70/month for my cell phone - both being hacked in every way possible, it really upsets me that there is no one there who can guide me in fixing this issue for a service that you render. 

This has been costly in every way imaginable. It has impacted my life in a way where it has been very traumatizing. 

I’ve had to do all the legwork on my own to try to find out where the issues may be - to help me help you , and be able to articulate the problems that are happening. Here is what I know:

Number one: my local network has been cloned. Someone is using UPNP services in order to assist them in streaming/mirroring my activity to another device. I also believe that my DNS is messed up due to all of the redirects that I get when trying to visit a legitimate website. When I run a network scan from from a routing table under IPv6 I noticed that there are quite a number of stops along the way. Some of them are even outside of the country, like Australia. One local IPV six address  takes me to a man’s house who lives across town. I am very concerned that someone is using my network for something really awful and terrified that whatever they are doing is going to come back on me. I really need some help from either you guys, or if you could bubble this up to to level three in my behalf since I’ve already done so?  I have also found a network of surveillance devices tied to my network with sequential SS ID numbers. INSIDE MY HOME. I don’t even feel comfortable changing my clothes or sleeping anymore. 

not to mention all of my VPN that I try to use to veer away from this, are also coming up “split tunnel’.

whoever is doing this may have access to my device somehow - perhaps a neighbor?? The reason I say this is because they seem to be exploiting me via AWD/WiFi Direct, Google Play Services, Airplay. They disabled me from being able to pan for what’s around me. I cannot disable Airdrop or mirroring also somehow someone installed an app on my iCloud that pertained to IoT.io on 4/11. When looking at the app itself it’s a Bluetooth scanner to see what’s around and I believe it to be nefarious in nature. .io is a domain that hacked me to begin with. 

There appears to be some sort of wire shark device on my Network, An additional router, possibly virtual, a media renderer on the Xbox, which I assume is to video my activity. It looks like my Xbox is set up to be it’s own network!? My sons Roku TV is somehow involved in this as well based off the activity on the IP address. That scares me to no end because there is a camera in it! 

I even had two Xfinity technicians at my home to bring the last two routers. They also seen the connected devices out on the network before plugging the new gateway in. The only guidance they could render was to call because troubleshooting this is outside of their wheelhouse. The latest tech said that it’s some sort of spyware.  

I cannot tell you how much I would appreciate assistance. I keep running into roadblocks. I am where I feel like my safety and my son’s safety is in danger over this. I don’t know who to trust anymore and I’ve never had to deal with something like this. I truly think someone must be using my network for something awful. All devices are also cloned. What someone could do with that is beyond imaginable. 

everyone is always very nice, but not able to assist me not do they have any knowledge on how to do it. My knowledge is very limited and everything I know so far I have learned in the past couple of months by force because if I didn’t, I would still be clueless as to where the problems are. 

This hacker also stays a step ahead of me - because they are watching what I look up and what I learn constantly. They have disabled helpful utility tools to the point I have to keep buying new software until they break that too. This is next level espionage type of stuff I did not even know was technically possible. The more I learn, the more I want to crawl under a rock - and I also realize how much I don’t know. Only puzzle pieces- I really need someone knowledgeable to help me in putting this together to fix it. I need some peace and some sleep in my life.  Please help me find someone who can help! I even tried to do the FBI form online -and I get to the end and somehow it refreshes as soon as I am about to hit submit. 

Visitor

 • 

13 Messages

3 years ago

@XfinityCassandra​ Thank you so much for the response! I have a total of six level two security tickets in with them. They cannot seem to get me past level two. I keep going back and fourth between tech support ( who drops the ball the second I ask for guidance on how to configure my router, disable port forwarding, etc. )

Security Assurance has been unable to help. I went by the Xfinity store the other day and they had advised me to ask for a level three coach in PA. I could not get anyone onboard to do so and essentially have been told to go to the police (which I have multiple times) and hire a network specialist. The network specialists are thousands and I cannot afford one. With all due respect, my Xfinity bill for internet only is 180/month plus another 70/month for my cell phone - both being hacked in every way possible, it really upsets me that there is no one there who can guide me in fixing this issue for a service that you render. 

This has been costly in every way imaginable. It has impacted my life in a way where it has been very traumatizing. 

I’ve had to do all the legwork on my own to try to find out where the issues may be - to help me help you , and be able to articulate the problems that are happening. Here is what I know:

Number one: my local network has been cloned. Someone is using UPNP services in order to assist them in streaming/mirroring my activity to another device. I also believe that my DNS is messed up due to all of the redirects that I get when trying to visit a legitimate website. When I run a network scan from from a routing table under IPv6 I noticed that there are quite a number of stops along the way. Some of them are even outside of the country, like Australia. One local IPV six address  takes me to a man’s house who lives across town. I am very concerned that someone is using my network for something really awful and terrified that whatever they are doing is going to come back on me. I really need some help from either you guys, or if you could bubble this up to to level three in my behalf since I’ve already done so?  I have also found a network of surveillance devices tied to my network with sequential SS ID numbers. INSIDE MY HOME. I don’t even feel comfortable changing my clothes or sleeping anymore. 

not to mention all of my VPN that I try to use to veer away from this, are also coming up “split tunnel’.

whoever is doing this may have access to my device somehow - perhaps a neighbor?? The reason I say this is because they seem to be exploiting me via AWD/WiFi Direct, Google Play Services, Airplay. They disabled me from being able to pan for what’s around me. I cannot disable Airdrop or mirroring also somehow someone installed an app on my iCloud that pertained to IoT.io on 4/11. When looking at the app itself it’s a Bluetooth scanner to see what’s around and I believe it to be nefarious in nature. .io is a domain that hacked me to begin with. 

There appears to be some sort of wire shark device on my Network, An additional router, possibly virtual, a media renderer on the Xbox, which I assume is to video my activity. It looks like my Xbox is set up to be it’s own network!? My sons Roku TV is somehow involved in this as well based off the activity on the IP address. That scares me to no end because there is a camera in it! 

I even had two Xfinity technicians at my home to bring the last two routers. They also seen the connected devices out on the network before plugging the new gateway in. The only guidance they could render was to call because troubleshooting this is outside of their wheelhouse. The latest tech said that it’s some sort of spyware.  

I cannot tell you how much I would appreciate assistance. I keep running into roadblocks. I am where I feel like my safety and my son’s safety is in danger over this. I don’t know who to trust anymore and I’ve never had to deal with something like this. I truly think someone must be using my network for something awful. All devices are also cloned. What someone could do with that is beyond imaginable. 

everyone is always very nice, but not able to assist me not do they have any knowledge on how to do it. My knowledge is very limited and everything I know so far I have learned in the past couple of months by force because if I didn’t, I would still be clueless as to where the problems are. 

This hacker also stays a step ahead of me - because they are watching what I look up and what I learn constantly. They have disabled helpful utility tools to the point I have to keep buying new software until they break that too. This is next level espionage type of stuff I did not even know was technically possible. The more I learn, the more I want to crawl under a rock - and I also realize how much I don’t know. Only puzzle pieces- I really need someone knowledgeable to help me in putting this together to fix it. I need some peace and some sleep in my life.  Please help me find someone who can help! I even tried to do the FBI form online -and I get to the end and somehow it refreshes as soon as I am about to hit submit. 

Problem Solver

 • 

502 Messages

I'm truly sorry that's happening, @XfinCustomerX10! Our Customer Security Assurance team are our experts with investigating any online safety issues, so they are the best team to reach out to for assistance. I did notice you had mentioned opening tickets with them, have they updated you on the status of these tickets?

I no longer work for Comcast.

Visitor

 • 

13 Messages

@XfinityCassandra​ they tell me I need to go to tech support and when I get to tech support and explain this to them and  what I need to do, they say that’s over their heads. Then they send me back to security. The last IH ticket I was advised to hire someone to fix this. That all they can do is reset passwords and secure the account itself. Who can help with servicing the account? 

I am going out a limb here and asking, would you please, could you please - please find someone in your company who can read this and from there field me to someone who can help? I am so grateful that you responded to begin with. I have emailed abuse@comcast quite a few times as well, no response. 

I don’t know what to do anymore. I don’t understand how some of these reps think this is something acceptable. 

Visitor

 • 

13 Messages

3 years ago

The store advised me to call security team and ask for level 3 in PA and to ask for a coach. I was refused and told there’s really nothing anyone can do. It’s the account that security will assist with, not the service. 

Official Employee

 • 

1.4K Messages

@finCustomerX10 Thank you for these details, it's really helpful in getting you in the right direction. In order for me to get more details on your account details and what the next best step is going to be, I will need to access your account. Can you please Direct Message your name, and service address? 

 

To send a "Peer to peer" message:
Click "Sign In" if necessary
• Click the "Peer to peer chat" icon
• Click the "New message" (pencil and paper) icon
• Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list which appears. The "Xfinity Support" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it

 

 

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

Visitor

 • 

3 Messages

@XfinCustomerX10​ 

have you gotten anywhere? I’m dealing with a very similar situation if you find anything out or get any solutions could you please tell me , this has been happening for over a month with me.

Visitor

 • 

3 Messages

3 years ago

Yo I’m dealing with the same thing I haven’t even finished reading it all yet. I’ll post again when I’m done.

Visitor

 • 

3 Messages

3 years ago

This has been driving me crazy almost literally. I can’t access certain websites. At times someone will literally take control of my computers and phones if you find any solutions please let me know please.

Problem Solver

 • 

948 Messages

3 years ago

My take on this, you would have to wipe clean all your devices, all your cloud backups, preferably just delete them, all your email accounts etc, just start over from scratch, plus don’t restore from a backup, it’s not your router, your devices are passing your info between them and the “Hackers”…

Visitor

 • 

13 Messages

3 years ago

We have been through this six times with sanitized devices introducing them to the network one at a time. My job has issued me a new laptop. Someone must have a keylogger as well because they somehow are able to know every single password.

I would rationalize this to think the issue is in a device as well at first. No one has really messed with my financials and that is typically the goal when it applies to hacking. This is someone who wants to pay close attention to who I speak to and what I’m saying and doing - surveillance, if you will. Why else would it be configured to “dvr” my phone activity? Plus

due to the fact that a separate neighboring network is communicating with my cell IP and Xbox along with all the WiFi Direct and Airplay logs tells me this is potentially someone spying on me. I can’t think of anyone with a motive though. I’m pretty boring. 

Visitor

 • 

13 Messages

3 years ago

I don’t think the person that did this gave me enough credit to look under the hood and learn. I still don’t know anything but I have learned enough to see some of the dynamics - and those dynamics don’t seem to fit the MO of a hacker that is just trying to hack. I think it goes deeper and what’s happening is that my network ID is being used for something nefarious in nature. This is what scares me - that and the Bluetooth network that surrounds me. I don’t feel like I’ve had a private moment since 2/20. 

Expert

 • 

31K Messages

@XfinCustomerX10​ 

At this point I would say contact the FBI's Cyber Crime division.

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer!tick

Visitor

 • 

13 Messages

@Again​ 

funny you say that - I have tried this multiple times from multiple devices and cannot “submit”

 I have taken the time to write out blow by blow events - and I cannot ever get it to submit because the page locks up, refreshes before I am done or the option is “grayed” out. This route has been attempted multiple times.

Problem Solver

 • 

1.5K Messages

3 years ago

Since Feb?  You need to nuke this issue.

As far as 'sanitizing' devices goes, there is no anti-virus tool that will be dependable running on an already compromised device.  Scorched earth is the way to go.  Make sure your IT guy is aware of this at your work too.  They might want to re-image after you fix other problems. 

Your phone may be root kitted, cloned or otherwise compromised (the least secure device you own by the way).  Un-root kitting is unreliable and there isn't anything you can do about cloning other than switching phones.  Get rid of that thing, and be careful what you install on it.  You got an issue from something added on.

You might consider buying a 3rd party gateway just so your router configuration can't be changed from the web or an app.  It's a horrid Xfinity idea in the first place.   Call xfinity from the new phone or land line to add the new gateway and remove the other one.  (takes care of wifi password too, pick a different one).

On wipe day, everything off!  Only one device active.

To prep for the rest of this, get/create an Ubuntu DVD.  You can boot from a flash drive too.  That's a quick search.  https://ubuntu.com/download/desktop

When you boot Ubuntu from your DVD drive, there's an option to boot from the DVD directly without installing Ubuntu.  It runs in memory without installing on the hard drive.  We use that from here on.   

When that is running, use it to download and create install media from windows for the rest of your PC's/Laptops.  You'll need your 25 digit product key to reinstall windows (sticker on device itself).  Create Install DVD's or memory sticks from Ubuntu https://support.microsoft.com/en-us/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d and https://computingforgeeks.com/create-windows-10-bootable-usb-on-linux/

If you are going to try to save anything (photos/documents), use Ubuntu to copy them directly from your hard drive to a USB stick, or larger external drive (format it first if it had anything on it before.  They could be problematic, but with a new windows install and new anti-virus running on a brand new windows install, you've got a chance of saving them without getting reinfected.

From Ubuntu, now create a temporary email account someplace like protonmail.com.  You're going to use that for a recovery password for every account you have.  From Ubuntu, chance every account you use including gmail and xfinity to use this address as a password recovery address, and not your phone or any other account you currently have.  Then reset the passwords.   Test the recovery with the 'forgot password' link on all of them.

Great, now blow away your laptop/PC and make sure you reformat the hard drive with the windows install media.  1st thing you do after that, is update windows manually and toss in a free anti-virus tool like Avast.com  before trying to install anything else.

Other devices like Roku's, cameras and IOT gear like nest?  Well, if you changed out your gateway, they won't be able to connect to wifi or through bluetooth on your new phone anymore.  There's a factory reset on all of them.  Power them one one at a time and reset them.  That's about all you can do with them, but it's unlikely without physical access anyone could flash the ROM on them, so they're likely OK.  Try to update them all without your DNS redirection issues using your new gateway.

In the future, social media and banking information on a phone is a bad idea.  Try not to do it.  You'll find social media is a common attack vector, along with leaving your phone's wifi and bluetooth active in public, and they're after your banking information usually.

Starting over is really the only way to get rid of this.

(edited)

Visitor

 • 

13 Messages

3 years ago

This is a lot of VERY helpful information! Thank you so very much! 

Visitor

 • 

1 Message

2 years ago

Have you had any luck since these original postings? The literal EXACT thing is happening to me, though I’m not as far along as you. First it was my Galaxy S20, completely taken over and I had no control over it. A few times prior to the final takeover, I was able to factory reset. That did the trick but “they” always found a way back in and eventually in late May 2022, my phone was completely taken over and the they disabled the factory reset, even when I put my phone in safe mode. Next, new router, new phone (iPhone even though I hate it), new boxes for the whole house and also new laptop from work. It’s now happening all over again. I’ve been back to Xfinity, Verizon for my phone, geek squad at a Best Buy. Every single person has basically told me the hacking isn’t possible and I must’ve “clicked on a link”. Absolutely maddening. The Xfinity (Fakefinity) apps are a joke and half the time when you call, it also gets somehow routed to a non Xfinity person. I refuse to download their apps any longer. I’ve also noticed other accounts attached to mine, but like you said, they haven’t hacked my banks account or credit cards. But I feel watched 100% of the time, whether it’s through the microphone or camera and most obviously through my home network. My husband also has an Xbox. I can’t tell you how many times I have unplugged my Wi-Fi, turned it all off, but it doesn’t matter. I even bought a “burner” phone and they hacked that within 15 minutes. My life, sanity, marriage, work is all crazy because of this. The hardest part is that anyone is tell and at this point, BEG, to help me…they think I’m a nut job! 

Official Employee

 • 

746 Messages

Hi, thank you for reaching out to Xfinity Forums. I understand you are having security issues with your cell phone and other devices. Are you stating someone hacked your modem to access your wifi devices? 

I no longer work for Comcast.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick

Visitor

 • 

1 Message

2 years ago

I’m having the Arxact Same thing happen for 2 years!!!!!’  Please help!!!!! 2 of my so called freeness are on the EXACT same dns servers all the way back to MY private ip! I have Swiss showing up all the time that shouldn’t be here! Does that mean the hackers are are that close to me!? Y’all have no clue the insanity this drives one to.. please help

Visitor

 • 

13 Messages

2 years ago

It’s been a while because I’ve had my iPhone in airplane mode for almost two months. Not that it mattered. 

yes, it’s still happening. 

you gave me chills when you spoke of the burner being hacked 15 minutes out of the store. I’ve had such a similar experience as you that it makes me very uncomfortable. Like all of it. 

I wonder if this is even the Xfinity legit site? Or how many of those many level 2 no help tickets were legit?

I’ve done everything. It’s in my network and it has to be a neighbor. 

can someone tell me what a Wi-Fi alliance is? Spectrum? 

I have networks follow me all over the place using BLE. 

Visitor

 • 

13 Messages

2 years ago

Essentially, my home network is somehow made into a corporation where all of the traffic from my devices goes through a server. Also, to make it even more ludicrous the server is highly censored. It is very hard for me to look up troubleshooting and educate myself on things like cyber security, networking etc.. I am also prohibited from looking up the stuff that includes spyware, malware or you know stalking, abuse.

I also used a tool to crawl websites to see what sites are disallowed from my server. It tells me I can’t get on too many Xfinity sites, my dude who works for IT at my job said I’m also prohibited from looking at my own YouTube accounts, my own Twitter accounts, and I don’t even have any type of account that involves social media anymore. So now I’m worried that somebody made one of my name that I’m blocked from seeing. There’s also this website called despair.com and I’m not allowed on much of that one either except for the homepage. It doesn’t make any sense to me none of this. My Bluetooth is always on, my phone is always listening , my camera will turn itself on and the hits just keep on coming. I truly don’t know what to do anymore. April 18 was the last day I made an attempt to go to the police, they advise that they are not even equipped to investigate cyber crime. On the iPhone I caught the hacker using an app called shortcuts, tethered to an Apple Watch I don’t have. They also have my laptops and phone set up as servers. They also edit, delete and write storage.

lots of weird stuff. I have not had a moment’s privacy in over six months. 

Visitor

 • 

13 Messages

2 years ago

Oh and don’t even get me started over the Bluetooth peripherals that are all around me and the ridiculous networks that follow me around. 

my gateway says it’s a Wi-Fi 6 WAP and part of a Wi-Fi alliance and they are streaming my activity like a flipping DVR to a cloned device so it looks like I’m hacking myself. Maddening isn’t the word. What [Edited: "Language"] is a Wi-Fi alliance? I’ve had networks from one side of town pop up on the other - and they are too out there to be coincidental

(edited)

forum icon

New to the Community?

Start Here