In a stealth move, one of the largest internet service providers could be tainting your websites with unwanted ads and malicious code. Sound dramatic? Comcast, as part of the recent launch of its XFinity public WiFi hotspots, is inserting ads of its services across various websites, unbeknownst to the website owners.
The ads usually display across the bottom of the page and advertise Comcast’s services, including reminders to customers to download XFinity’s mobile apps. According to a report made available by Ars Technica, Comcast says that the ads alert users that they are connecting via an official XFinity hotspot. This proves tricky as any hacker can create a designed to look just like a Comcast hotspot, tricking unsuspecting users into sending their credentials and personal information to an unknown source.
Comcast reassures users that the ads only appear when using XFinity public hotspots, and do not apply to websites accessed by a Comcast WiFi router at home. Either way, this practice cuts to the core of the net neutrality debate, as the FCC is currently determining policies that could include provisions stating broadband providers must deliver broadband without injecting any data packets.
How can you prevent being victim of a malicious attack? Connecting to WPA2-Enterprise and authenticating via 802.1X ensures network traffic is encrypted and secure. You should also access sites using HTTPs encryption, meaning only your browser and the server can decrypt the traffic.