1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is it possible to spoof Cablecard HostID? - Comcast On-Demand

Discussion in 'TiVo Premiere DVRs' started by mbp2112, Mar 22, 2013.

  1. mbp2112

    mbp2112 New Member

    6
    0
    Dec 9, 2004
    Howyadoin,

    I've been billed by Comcast for on-demand movies that I didn't order. They quoted the HostID of the device from which the movies were supposedly ordered, which matches the ID of my Premiere. Is it possible that someone spoofed my Host ID? Does Comcast store any other information besides Host ID that I can use to prove my case? Basically, I'm being called a liar...grrr...

    Thanks!
     
  2. ferrumpneuma

    ferrumpneuma fading fast

    789
    0
    Jun 1, 2006
    Anhedonia
    Is is possible a guest or child was with the premier unattended. What were the titles ordered? That might be a clue.
     
  3. mbp2112

    mbp2112 New Member

    6
    0
    Dec 9, 2004
    There were several partial porn (of both persuasions, interestingly) movies, all within the same afternoon, and partly viewed, apparently.

    It was a weekday afternoon, I was at work, my wife was home, but she wouldn't go into my office for the purpose of watching porn, and I really don't think she has a predilection for some of the material ordered.

    So anyway, Comcast is refusing to waive the charges, so I'm looking for a new provider. But that's a story for another thread...
     
  4. innocentfreak

    innocentfreak Active Member

    8,962
    6
    Aug 25, 2001
    Florida
    Is your Premiere provided by the cable company? If not the only way to order would be over the phone or via the webpage.
     
  5. tatergator1

    tatergator1 Active Member

    1,532
    10
    Mar 27, 2008
    Columbus, Ohio
    He mentions Comcast. I assumed he was in an Xfinity of Premiere area. You can buy directly via the Tivo in this situation.
     
  6. innocentfreak

    innocentfreak Active Member

    8,962
    6
    Aug 25, 2001
    Florida
    I had asked someone before and they had said they couldn't order PPV even though they had access to Xfinity VOD now. I guess they were wrong or it changed. Good to know. Thanks.
     
  7. tatergator1

    tatergator1 Active Member

    1,532
    10
    Mar 27, 2008
    Columbus, Ohio
    I wasn't sure either, so I pulled up the Xfinity on Tivo support page and it indicated you could select "Buy and Watch Now" for paid content. There are also instructions on setting a PIN for purchases. Based on what the OP has indicated, this seems like a Comcast mistake they don't want to admit, or can't figure out so they are just going to stick to the OP.
     
  8. WhiskeyTango

    WhiskeyTango New Member

    5,777
    0
    Sep 20, 2006
    New Jersey
    You've always been able to order PPV with a phone call.
     
  9. mbp2112

    mbp2112 New Member

    6
    0
    Dec 9, 2004
    I bought my Premiere myself, it wasn't provided by Comcast.

    They quoted me the Host ID and card serial number for my Premiere, but if it's being spoofed, that's irrelevant, no? I do have on-demand capability, and have had it for some time. I've used it to watch free movies in the past, but have never attempted to watch anything that had a charge associated with it.
     
  10. Teeps

    Teeps Active Member

    1,705
    9
    Aug 16, 2001
    Torrance,Cal...
    Is the TiVo in question connected to the internet by wireless connection?
     
  11. JandS

    JandS Member

    122
    0
    Oct 1, 2010
    Howyadoin,

    The DSLReports website has a terrific section called "Comcast Direct" where registered DSLReports members can get official, direct support from Comcast techs and account services. Postings in the Direct forums are "Secure", i.e. private and unreadable to other forum members (except for the thread title).

    I've had great results by posting there after calls to Comcast support and on-site service calls totally failed to resolve the problem (or even understand it, for that matter). The folks on the Direct forum are able to "see" your account and tech settings that are not visible or available to the front-line folks. No knee-jerk customer service attitudes at all.

    I would think that the Direct forum folks would be especially interested in following up on any possibility of your account being somehow hacked to steal VOD programming, whether by spoofing or a neighbor hacking into your comcast lines or whatever.

    https://secure.dslreports.com/forum/comcastdirect

    If you do post there please let us know what you think of the experience.
     
  12. innocentfreak

    innocentfreak Active Member

    8,962
    6
    Aug 25, 2001
    Florida
    Correct.

     
  13. mbp2112

    mbp2112 New Member

    6
    0
    Dec 9, 2004
    After several rounds with Comcast CSRs and supervisors, I posted a nastygram on Comcast's message board. I was referred to the We Can Help (we_can_help@cable.comcast.com) group, to which I presented my case again. I got an email (on a Saturday, no less) from corporate, followed by a phone call on Monday. They then called Tuesday morning, acknowledging that there was a problem, my account may have been affected, and they were crediting the charges. I'm happy that they agreed to do this, but the level of interaction it took to make it happen, given that this isn't exactly an uncommon complaint, is not good. When you have to use the word "Kafkaesque" in an email, something has gone horribly wrong... :D

    PS. Just a note to others that are having a problem, there's an option I just found in the Comcast website to receive a text message whenever an on-demand or PPV transaction is made. Login to your account at the comcast.com webpage, choose "Manage users and alerts" and scroll to the bottom of the page. You'll see the checkbox. It won't fix the problem, but you'll know immediately that you're being hacked and can call customer service while the blankety-blanks are in-the-act. That might crack this situation, who knows?
     
  14. Merle Corey

    Merle Corey New Member

    64
    0
    Aug 25, 2001
    Mount...
    There's definitely something going on, and it isn't pretty.

    I'm a Premiere owner in a non-OnDemand market (Chicago). I'm now on my third iteration of this, after having mistakenly thought it was resolved back in January.

    I was already signed up for email notifications, which is how I spotted the problem in the first place. We never buy PPV, getting email means something has already gone wrong.

    First instance in December, billing was extremely nice/helpful and dropped the charge immediately. They recommended that we set PINs on everything (cable boxes, phone orders) and we did. There should have been no way to purchase PPV without manual intervention.

    Whoops, second instance a few weeks later (January). Billing was once again very helpful and dropped the charge immediately. They also identified the order as coming from my cable card and suggested contacting support to troubleshoot. That's where things got stupid; to make a long story short, it amounted to the CS rep claiming that we were ordering movies through the TiVo even though OnDemand wasn't available in our area.

    I immediately escalated to the we_can_help address. I received an email response amounting to "We'll call you soon" the same weekend and got the phone call the next business day. The conclusion was to set our PPV credit limit to $0, requiring a phone authorization for any purchase. Case closed, right?

    Wrong. Got a new movie purchase today. I went directly to we_can_help and am waiting on the followup.

    While I love my TiVo, especially over the Comcast DVRs, this is the kind of issue that may well result in cutting the cord and switching to Netflix/Hulu/Amazon for our content. No kids, only my wife watches regularly, it's suddenly really hard to justify the money for service/cards/cable boxes when the normal CSRs' default response is to treat us like criminals.

    mbp, keep a close eye on things. It's clear that Comcast doesn't really have a handle on this, and it's a pretty severe flaw in their system.
     

Share This Page