-2

Somebody just signed into my network and Google account. It's from a Mac device, but I don't have any Apple devices.

Also, he logged into Google from my IP address. After that, I got a notification on my phone that somebody signed into my account.

I also used a tool called Wi-Fi Inspector from Avast and found some Cisco device. I don't know if it's a VPN or something. I got his MAC address. Any tips on what to do?

schroeder
top kek
  • 1
    @CaffeineAddiction Not sure this is actually a virus... Sounds more like some confusion about networking in general. Voting to close as unclear instead. – Anders Mar 21 '17 at 08:42
  • 1
    @topkek I hope my edits are true to your intent. Your original question was difficult to understand. – schroeder Mar 21 '17 at 10:43

3 Answers

5

If you have an unknown device on your wifi and you think it shouldn't be connected, you should change the password on your wifi, and possibly change the wifi security protocol to something stronger (WPA2 is best). If possible, enable a MAC address white list, and add just your devices.

As a precaution, you may also consider changing passwords for all of your web sites, especially sensitive ones like online banking. Just because someone got onto your wifi doesn't mean they hacked any of your accounts (other than your wifi password), but if they were on your network it does make it more likely that they would have been able to if they wanted to.

John Wu
  • It might be worth noting that the OP can check to see what devices are connected by looking at the router's MAC table. – schroeder Mar 21 '17 at 10:46
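
The MAC-table check and allow list mentioned above, sketched as an added example (not part of the original answers): it compares a neighbour table against a list of known devices and reports the rest. The sample `ip neigh` output, the addresses and the device names are all constructed.

```python
import re

# Constructed sample of `ip neigh show` output from a Linux host on the LAN.
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.23 dev wlan0 lladdr a4:83:e7:11:22:33 STALE
192.168.1.42 dev wlan0 lladdr 3e:5f:90:ab:cd:ef REACHABLE
192.168.1.77 dev wlan0  FAILED
"""

# Hypothetical allow list, typed in the mixed formats found on device
# labels and router pages (colons, dashes, upper or lower case).
KNOWN_DEVICES = {
    "00:1A:2B:3C:4D:5E": "home router",
    "A4-83-E7-11-22-33": "my laptop",
}

def normalize_mac(mac):
    """Return a MAC as lowercase, colon-separated hex (aa:bb:cc:dd:ee:ff)."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set.
    Phones that randomize their MAC per network set this bit, so such an
    entry may be one of your own devices rather than an intruder."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def parse_neighbors(text):
    """Yield (ip, mac, state) for entries that have a link-layer address."""
    pattern = re.compile(r"(\S+)\s+dev\s+\S+\s+lladdr\s+(\S+)\s+(\S+)")
    for line in text.splitlines():
        match = pattern.match(line)
        if match:  # FAILED/INCOMPLETE entries carry no MAC and are skipped
            yield match.group(1), normalize_mac(match.group(2)), match.group(3)

def find_unknown(text, known):
    """Return neighbour entries whose MAC is not on the allow list."""
    allowed = {normalize_mac(mac) for mac in known}
    return [
        {"ip": ip, "mac": mac, "state": state,
         "randomized": is_locally_administered(mac)}
        for ip, mac, state in parse_neighbors(text)
        if mac not in allowed
    ]

if __name__ == "__main__":
    for entry in find_unknown(SAMPLE_IP_NEIGH, KNOWN_DEVICES):
        print("unknown device:", entry)
```
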
1

As suggested by @CaffeineAddiction, your computer being compromised seems a more reasonable explanation for your issue.

This is because:

  • Google tends to pin its certificates wherever possible (apps, willing browsers), one application/reason for which is specifically preventing the connection from being compromised over an insecure channel like wifi (see the intro to OWASP's page on pinning)
  • Aside from this, for your wifi being compromised to lead to such a login, the attacker would have to break HTTPS to get to your credentials - key pinning makes that harder, but even without key pinning, there are normally warning signs, notably related to certificates (if the attack is trying to fake the TLS/HTTPS connection) or to the lack of TLS/HTTPS if the attack is trying to downgrade you to plaintext (which is what key pinning should guard against). Google also uses HSTS to make this harder. Downgrading TLS to e.g. SSLv3 to make breaking easier might be possible, though.

That being said:

  • change your wifi password as a first step.
  • enable a second authentication factor for your Google account (and anything else you care about that offers the option to do so)
  • depending on what you keep in your inbox/drafts/etc, change any other passwords and/or credentials that may have been compromised.
  • do what you can to clean your machine, and/or re-image it if you can do that. Then make it your life's mission to ensure you keep things as up to date as possible.
  • review what activities may have been performed using your Google account, and follow up if needed (i.e. if you use that account for professional purposes, and suspect emails may have been sent using your account, contact people to warn them those emails are not legitimate).

While you are drawing a correlation between 'weird devices on wifi' and 'compromised account' - and may be right about it - I would also consider your own general hygiene: have you done anything online recently that could have resulted in your getting a virus? Do you have some kind of ad- and/or script-blocker you use, and could you start using one? Do you have anti-virus, avoid running things with elevated rights, and have a firewall on your computer?

I would see if you can do anything to identify and close possible gaps in your security that could have led to all this - and enable a 2nd authentication factor.

iwaseatenbyagrue
0

The easiest way would be to change the password of your Google account and your network. You also should be able to block the device you don't trust. Definitely scan your device with an antivirus application. As John Wu already said, the security of your router should be WPA2; WPA is hacked easily and fast, so it's not secure.

If you do this, it should be fine.

Still, there are other options to prevent that, such as using an updated OS version and updated software. It would also be possible to use a VPN. Maybe you should think about using a password manager so you don't have to remember your passwords, so you can choose stronger and longer ones.

Dr3xler
  • I use Avast Passwords. Avast Passwords is a safe tool to keep your passwords in instead of the browser. They need my main password to get into it, because without the main password you can't use the "auto-enter" of passwords. – top kek Mar 21 '17 at 10:05
  • Another good password manager would be Sticky Password. It also has a master password, but it never leaves your computer, and you have the possibility to sync your devices via your home wifi. So the passwords aren't stored in a cloud or anything. – Dr3xler Mar 21 '17 at 10:15