# Is it possible to spoof Cablecard HostID? - Comcast On-Demand



## mbp2112 (Dec 10, 2004)

Howyadoin,

I've been billed by Comcast for on-demand movies that I didn't order. They quoted the HostID of the device from which the movies were supposedly ordered, which matches the ID of my Premiere. Is it possible that someone spoofed my Host ID? Does Comcast store any other information besides Host ID that I can use to prove my case? Basically, I'm being called a liar...grrr...

Thanks!


----------



## ferrumpneuma (Jun 1, 2006)

Is it possible a guest or child was with the Premiere unattended? What were the titles ordered? That might be a clue.


----------



## mbp2112 (Dec 10, 2004)

ferrumpneuma said:


> Is it possible a guest or child was with the Premiere unattended? What were the titles ordered? That might be a clue.


There were several partial porn (of both persuasions, interestingly) movies, all within the same afternoon, and partly viewed, apparently.

It was a weekday afternoon, I was at work, my wife was home, but she wouldn't go into my office for the purpose of watching porn, and I really don't think she has a predilection for some of the material ordered.

So anyway, Comcast is refusing to waive the charges, so I'm looking for a new provider. But that's a story for another thread...


----------



## innocentfreak (Aug 25, 2001)

Is your Premiere provided by the cable company? If not, the only way to order would be over the phone or via the webpage.


----------



## tatergator1 (Mar 27, 2008)

innocentfreak said:


> Is your Premiere provided by the cable company? If not, the only way to order would be over the phone or via the webpage.


He mentions Comcast. I assumed he was in an Xfinity on Premiere area. You can buy directly via the TiVo in this situation.


----------



## innocentfreak (Aug 25, 2001)

tatergator1 said:


> He mentions Comcast. I assumed he was in an Xfinity on Premiere area. You can buy directly via the TiVo in this situation.


I had asked someone before and they had said they couldn't order PPV even though they had access to Xfinity VOD now. I guess they were wrong or it changed. Good to know. Thanks.


----------



## tatergator1 (Mar 27, 2008)

innocentfreak said:


> I had asked someone before and they had said they couldn't order PPV even though they had access to Xfinity VOD now. I guess they were wrong or it changed. Good to know. Thanks.


I wasn't sure either, so I pulled up the Xfinity on TiVo support page and it indicated you could select "Buy and Watch Now" for paid content. There are also instructions on setting a PIN for purchases. Based on what the OP has indicated, this seems like a Comcast mistake they don't want to admit, or can't figure out, so they are just going to stick it to the OP.


----------



## WhiskeyTango (Sep 20, 2006)

innocentfreak said:


> I had asked someone before and they had said they couldn't order PPV even though they had access to Xfinity VOD now. I guess they were wrong or it changed. Good to know. Thanks.


You've always been able to order PPV with a phone call.


----------



## mbp2112 (Dec 10, 2004)

I bought my Premiere myself, it wasn't provided by Comcast.

They quoted me the Host ID and card serial number for my Premiere, but if it's being spoofed, that's irrelevant, no? I do have on-demand capability, and have had it for some time. I've used it to watch free movies in the past, but have never attempted to watch anything that had a charge associated with it.


----------



## Teeps (Aug 16, 2001)

mbp2112 said:


> I bought my Premiere myself, it wasn't provided by Comcast.
> 
> They quoted me the Host ID and card serial number for my Premiere, but if it's being spoofed, that's irrelevant, no? I do have on-demand capability, and have had it for some time. I've used it to watch free movies in the past, but have never attempted to watch anything that had a charge associated with it.


Is the TiVo in question connected to the internet by wireless connection?


----------



## JandS (Oct 1, 2010)

Howyadoin,

The DSLReports website has a terrific section called "Comcast Direct" where registered DSLReports members can get official, direct support from Comcast techs and account services. Postings in the Direct forums are "Secure", i.e. private and unreadable to other forum members (except for the thread title).

I've had great results by posting there after calls to Comcast support and on-site service calls totally failed to resolve the problem (or even understand it, for that matter). The folks on the Direct forum are able to "see" your account and tech settings that are not visible or available to the front-line folks. No knee-jerk customer service attitudes at all.

I would think that the Direct forum folks would be especially interested in following up on any possibility of your account being somehow hacked to steal VOD programming, whether by spoofing or a neighbor hacking into your Comcast lines or whatever.

https://secure.dslreports.com/forum/comcastdirect

If you do post there please let us know what you think of the experience.


----------



## innocentfreak (Aug 25, 2001)

WhiskeyTango said:


> You've always been able to order PPV with a phone call.


Correct.



innocentfreak said:


> Is your Premiere provided by the cable company? If not, the only way to order would be over the phone or via the webpage.


----------



## mbp2112 (Dec 10, 2004)

After several rounds with Comcast CSRs and supervisors, I posted a nastygram on Comcast's message board. I was referred to the We Can Help ([email protected]) group, to which I presented my case again. I got an email (on a Saturday, no less) from corporate, followed by a phone call on Monday. They then called Tuesday morning, acknowledging that there was a problem, my account may have been affected, and they were crediting the charges. I'm happy that they agreed to do this, but the level of interaction it took to make it happen, given that this isn't exactly an uncommon complaint, is not good. When you have to use the word "Kafkaesque" in an email, something has gone horribly wrong... 

PS. Just a note to others that are having a problem, there's an option I just found in the Comcast website to receive a text message whenever an on-demand or PPV transaction is made. Log in to your account at the comcast.com webpage, choose "Manage users and alerts" and scroll to the bottom of the page. You'll see the checkbox. It won't fix the problem, but you'll know immediately that you're being hacked and can call customer service while the blankety-blanks are in the act. That might crack this situation, who knows?


----------



## Merle Corey (Aug 25, 2001)

There's definitely something going on, and it isn't pretty.

I'm a Premiere owner in a non-OnDemand market (Chicago). I'm now on my third iteration of this, after having mistakenly thought it was resolved back in January.

I was already signed up for email notifications, which is how I spotted the problem in the first place. We never buy PPV; getting email means something has already gone wrong.

First instance in December, billing was extremely nice/helpful and dropped the charge immediately. They recommended that we set PINs on everything (cable boxes, phone orders) and we did. There should have been no way to purchase PPV without manual intervention.

Whoops, second instance a few weeks later (January). Billing was once again very helpful and dropped the charge immediately. They also identified the order as coming from my cable card and suggested contacting support to troubleshoot. That's where things got stupid; to make a long story short, it amounted to the CS rep claiming that we were ordering movies through the TiVo even though OnDemand wasn't available in our area.

I immediately escalated to the we_can_help address. I received an email response amounting to "We'll call you soon" the same weekend and got the phone call the next business day. The conclusion was to set our PPV credit limit to $0, requiring a phone authorization for any purchase. Case closed, right?

Wrong. Got a new movie purchase today. I went directly to we_can_help and am waiting on the followup.

While I love my TiVo, especially over the Comcast DVRs, this is the kind of issue that may well result in cutting the cord and switching to Netflix/Hulu/Amazon for our content. No kids, only my wife watches regularly; it's suddenly really hard to justify the money for service/cards/cable boxes when the normal CSRs' default response is to treat us like criminals.

mbp, keep a close eye on things. It's clear that Comcast doesn't really have a handle on this, and it's a pretty severe flaw in their system.


----------

