Apple Adds Eight Chinese Companies to Its Supply Chain After Axing Four 
China Secures Banned Nvidia Chips Amid US Export Restrictions, Tenders Reveal 
Nasa to overhaul mission returning samples from Mars – here’s why it must and will go ahead 
Robinhood Unveils SHIB, AVAX, and COMP Listings for New York Traders, Expanding Crypto Access 
The use of AI in war games could change military strategy 
Critical Update: Samsung Expands Network Band Support in Europe – Update Now for Uninterrupted Access 
Korean Military Considers iPhone Ban, Samsung Exempt for Security Reasons 
Mercedes Launches 2025 G-Class Electric with Four Motors and Revolutionary Tank Turns 
New Crypto Whale Snags 237.8 Billion SHIB Following Key Shiba Inu Blockchain Announcement 
Crypto.com's Launch in South Korea Stalled by AML Regulatory Concerns, Postponement Announced 
Bitcoin Surges Past Tesla in Five-Year Gains, Sparks New Interest in ETFs 
SK Networks Sets Up AI Research Lab in Silicon Valley 
Amazon to Introduce Air Delivery Service in Arizona via Drone 
U.S. Prosecutors Demand Three Years for Former Binance CEO Zhao Over Laundering 
Tesla Nears FSD Licensing Deal with Major Automaker, Hits 1.3 Billion Milestone 
Shiba Inu Reveals How SHIB Army Can Earn TREAT Token in New Blockchain Ecosystem 
Security researchers recently found a bug on Comcast Xfinity’s official account activation website that allows attackers to easily obtain customers’ WiFi names and passwords.
ZDNet reported on the issue after getting a tip from security researchers Karan Saini and Ryan Stevenson. The subject of the bug was Xfinity’s official website where customers activate online services for their accounts.
According to the report and based on their own testing, the bug allows unauthorized people to obtain WiFi names and passwords of customers who are using Xfinity-provided routers. To illicitly collect these data, an attacker will only need to enter the target’s residential address.
These issues were confirmed by the publication after two Xfinity customers agreed to participate in the test and provided their home addresses.
The experiment revealed that the bugged website provided the correct WiFi name and password of the customer who uses an Xfinity router. Even worse, the website gave these data in plaintext or in its unencrypted, unscrambled form. So, ultimately, an attacker needs one information to intrude a personal WiFi connection.
The security issue does not end there. It was also found that the glitched website gives information of an Xfinity customer even when their WiFi connection is active and even after they have changed their WiFi name and password.
Though the compromised website requires a customer’s complete address, ZDNet commented that an attacker can gather that information by simply guessing a house number or, more easily, by snatching a utility bill thrown in the garbage.
By simply providing a customer’s address, an attacker can tamper the WiFi name and password of Xfinity routers — even custom ones — and later avoid the actual user to access his or her own WiFi connection.
As of this writing, the said website is still up and running and TechCrunch noted that the issue appears to still be in place. And since the bug appears to be useless when aimed at customers with a non-Xfinity router, buying one seems to be the only possible solution for now.
