Router Hacking

Posted by a Visitor (13 Messages), Thursday, April 14th, 2022 8:29 PM. Thread status: Closed.

Hello. I am at the end of my rope and really need some help. On February 20, 2022 my Android phone was hacked. My antivirus picked it up and with it, it brought updates for applications I didn't even have. Nefarious permissions like read data, extract data, admin over my Bluetooth, admin over my Wi-Fi, ability to read and write things into the phone, etc.

I have since then been through 5 phones and 5 routers because this hacking has followed me from device to device. For the life of me I could not figure out how or what was happening. I have six level 2 security tickets and basically had to figure out what was going on without any network and cyber security experience whatsoever.

What I have uncovered is that this issue is in my router and the existing settings somehow remain there even with new routers. 

I have noticed that when installing a new router there were some unrecognized devices on my app even before plugging the new router in. An ASUS device, and four Intel devices. I was ON THE PHONE with Xfinity during one of these occasions and the young lady thought it was strange and said she would escalate it.

The next two times a technician came to me. The first one saw the devices out there even BEFORE the new router was plugged in, again, and said it was over his head. The next guy after that said it sounds like spyware of some sort. I thought having a technician would help matters, but they are not well versed in this area and advised I call the security team. The folks that came out were as helpful as they could possibly be but were unable to help with this.

I have gone down a rabbit hole of learning what could go wrong and after two months, I have discovered the issue in my network. Somehow, it appears that my routers are being cloned along with device IP information, and that settings on said router (or line) are carrying over to each device.

There are open ports, port forwarding, UPnP service enabled, Apache Web Services on port 8080 and some sort of sub network set up? "C" network using 10.0.0/24 instead of 10.0.0.1.

To my understanding- an Xbox One and Roku TV are somehow being used to mirror every move I make.

I authorized none of this. I don’t know how to log into my router and fix this. I can log in, but I don’t know what to do to fix this from there. I also notice that there is activity on my event logs that I did not do. My devices have been cloned so it appears as if the changes are coming from ME. 

Whoever is doing this is a step ahead all the time - they are using keyloggers of sorts and know all of my password changes as I make them. 

I have been bounced around from tech support and security team to get some guidance on this and no one has the knowledge to assist. This has impacted my life to a great magnitude personally and professionally. I am having trouble understanding why there is no one that can assist. I've also been to Apple Support, other phone providers, manufacturers, the police to no avail.

The Xfinity app on my phone is also spoofed. My internet is censored.  It says I don’t have port forwards when I do. I get redirects and syncs on most websites. I am worried this will be intercepted too like many other attempts at obtaining help. This is way over my head. The hacker doing this knows what I’m going to do before I do. I have many pieces to this puzzle, just not the knowledge to put it together. Any safety software I use gets exploited like Xfi, Malwarebytes, Norton and VPNs. It’s a plot tunnel with two devices every time. 

Please direct me to someone qualified to assist me. Someone who knows what questions to ask. With all of the technological vulnerabilities and the state of the world we are in - it is very concerning that there isn’t someone who CAN have a conversation or look into this!!

I have emailed abuse email almost two weeks ago multiple times and have not heard back. As concerning as that is, I am wondering if it ever made it to your actual inbox. Whatever is hacking me has made it very hard to seek assistance from anyone. You can look at my call history as well. I have called and called. I would not like to think that you guys would drop the ball on something like this. Things are happening with my technology that have never happened before. Please assist? I feel as if my safety is at risk and no one is helping. 

Reply from a Visitor (1 Message), 3 years ago:

Hi, the same thing is going on with us for 3 years. No one will help. I have a police report; everything including my children is affected. After 3 years of doing this on my own, last night I finally found what they are doing and I contacted a lawyer. It's a DNS attack. I have 3 open ports on my Xfinity that you can't see on their router. They use www.comcast.net and 10.0.0.1; the DNS should be www.Xfinity.com and 198.162.1.1, so you can calm down, it's a DNS takeover. I did a flush and it's still on. If I find out how to remove this I will let you know. No matter what I did so far, they still cloned all my iPhones, Xbox, Android, even my ROKU. That's why I am going to hire a lawyer. This is not right, my privacy is gone, my kids are exploited. Apple, Xfinity, Google basically told me I'm crazy. I'm not, I have a degree in networking, I've been out of practice 16 years. Not 1 of these companies helped. My life has been in turmoil for 3 years. I'm don't

Reply from a Problem Solver (1.5K Messages):

@Momzillawins22  10.0.0.1 is local and unroutable on the internet.  10.0.0.1 is the internal web interface on your Xfinity gateway.  A lot of 3rd party gateways use 192.168.1.1 or 192.168.0.1 for a default management address, and quite a few of them use 192.168.100.1 if you are in "bridge mode" (routing disabled, and handled by other equipment you have).  They too are not routable, so I don't know if that's a typo above; otherwise, that's an IP address in Canada delegated to "College of the Rockies".

If you do want to audit open ports on your gateway, there are many websites that will look for them.  Search for "open port checker" and you'll find lots of them.  You can do it yourself with a tool called nmap.  Scan your external IP address from another location (both TCP and UDP scans), or connect to another network with a phone hotspot instead of your home WiFi and try it.  

You shouldn't have any open ports unless you enabled port forwarding, and if you did, you need to protect the open port by 'some means'.  UPnP devices can also blow holes in your firewall for a persistent connection, so best practice is to disable that feature according to the FBI/Homeland since 2013.   It was a bad idea when it came out, it's still a bad idea.  If you can't disable it, buy another router/gateway or use a dedicated firewall to handle your internal traffic.

Xfinity has not published a 'white paper' on how their app based configuration works, so I will not comment on the security of it, other than to say remote management of critical infrastructure is a really bad idea, especially via a phone app.  Perhaps someday they will show otherwise, but for now, I'd use something else.

MoCA (ethernet over coax) is another potential problem if you don't have a POE filter (point of entry filter) installed.  If you don't, your neighbors either intentionally or unintentionally could be joining your network.  There is no security on it.  Another feature I would reject for equipment selection.

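The external port audit the reply above describes, as an added example that is not code from this thread or from Xfinity. It does in plain Python what `nmap -sT` and `nmap -sU` do for a short port list: a full TCP connect() per port, and a single datagram per UDP port with the answer classified the way nmap reports it. UDP 1900 (SSDP, the UPnP discovery port) is included because a gateway that answers SSDP from the internet side is exactly the UPnP exposure the reply warns about. The target address 203.0.113.10 is a documentation placeholder, the port lists are an assumed starting set, and the scan must be run from outside the network under test (a phone hotspot) or it only reports the gateway's inside face.

```python
"""External port audit: TCP connect probes plus a UDP probe, in plain Python.

Added example, not code from the forum thread. Run it from OUTSIDE the
network under test against your public IP. Target host and port lists are
placeholders you supply.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Assumed starting list, not exhaustive: remote-admin ports, 8080 (the Apache
# on 8080 mentioned in the thread), 5000 (UPnP IGD control on many gateways).
COMMON_TCP = [21, 22, 23, 53, 80, 443, 5000, 8080, 8443]
COMMON_UDP = [1900]          # SSDP: UPnP discovery, should never face the internet


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Full TCP handshake, the same test nmap -sT performs.

    open     : handshake completed, something behind the gateway is listening
    closed   : RST came back, the port is reachable but nothing listens
    filtered : no reply within timeout, a firewall is dropping the packets
    error    : no route, name failure, etc.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "error"


def udp_probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Send one datagram and wait for any reaction.

    A closed UDP port is normally answered with ICMP port-unreachable, which a
    connected UDP socket surfaces as ConnectionRefusedError. Silence can mean
    a listener that ignores junk or a firewall dropping the packet, which is
    why nmap -sU reports 'open|filtered' and why UDP scans are slow.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(b"\x00")
            s.recv(1024)
            return "open"            # an application actually answered
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "open|filtered"
        except OSError:
            return "error"


def scan(host, tcp_ports=COMMON_TCP, udp_ports=COMMON_UDP, timeout=1.0):
    """Probe all ports concurrently; returns {'tcp': {port: state}, 'udp': {...}}."""
    with ThreadPoolExecutor(max_workers=32) as pool:
        tcp = dict(zip(tcp_ports, pool.map(lambda p: tcp_probe(host, p, timeout), tcp_ports)))
        udp = dict(zip(udp_ports, pool.map(lambda p: udp_probe(host, p, timeout), udp_ports)))
    return {"tcp": tcp, "udp": udp}


def unexpected_open(results, expected_tcp=()):
    """Every open TCP port you did not deliberately forward is a finding, and
    so is an SSDP responder reachable on UDP 1900 (UPnP exposed to the WAN)."""
    findings = [f"tcp/{p}" for p, st in sorted(results["tcp"].items())
                if st == "open" and p not in expected_tcp]
    if results["udp"].get(1900) == "open":
        findings.append("udp/1900")
    return findings


if __name__ == "__main__":
    # 203.0.113.10 is a documentation placeholder; pass your public IP instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    res = scan(target)
    for proto in ("tcp", "udp"):
        for port, state in sorted(res[proto].items()):
            print(f"{proto}/{port:<5} {state}")
    print("findings:", unexpected_open(res) or "none")
```

Run as `python3 portaudit.py <public-ip>` from a hotspot. Any `tcp/NNNN` finding that is not a forward you set up yourself, or any `udp/1900` finding at all, is the thing to chase in the gateway's port-forwarding and UPnP settings; a wall of `filtered` is the expected healthy result for a home connection.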

Reply from an Official Employee (2.1K Messages):

Hi there @Momzillawins22!  Thanks so much for taking the time to reach out to Xfinity Support here on our Community Forum. Have you reached out to our Customer Security Assurance team?
