-1

My personal hotspot is accessed from an unknown site when I am in my home. Everyone in my home owns apple products but samsung android appears in network in system profiler.

Active services type hardware bsd bluetooth dun ppp(pppserial) modem bluetooth bloothtooth pan ethernet ethernet en2 ethernet ethernet ethernet en0 firewire firewire firewire fw0 samsung_android ppp(pppserial) modem usbmodemb6504182 wifi airport airport en1 10.0.0.6

is that ok?

Anti-weakpasswords
  • 9,785
  • 2
  • 23
  • 51
cat
  • 1
  • 1
  • 1

1 Answers1

3

This is based on my answer to Devices with cryptic names and Chinese ip addresses connected to my router but adjusted for hotspots (i.e. no web interface), since the same general steps apply; the difference in questions is that they didn't know what the devices were (and still don't - some are spoofed), and you see a Samsung MAC (which may also be spoofed, of course).

A few steps have been added specific to hotspots and multi-purpose devices (phones, tablets, etc.) that also have hotspot functionality.

If you're concerned (I would be, but I'm overly concerned about security), I would:

  • Tell everyone the Internet will be down for awhile.
  • Make note of all your custom settings
    • Not passwords or SSIDs; those are all going to change.
    • Yes, SSID's - those are the salt for WPA/WPA2, and precomputed tables can be made using those salts, as Pyrit does.
  • If you have a "reset to defaults" option on your hotspot, use it.
  • If you can, reset the whole device to defaults if it's multi-purpose (like a phone/tablet).
  • Change the password to device if it's multi-purpose
  • Download the newest updates for your hotspot
  • Take the hotspot offline/change the device into airplane mode
  • Cancel any credit card your device has access to, just in case
    • It's a bit paranoid, but it's a simple phone call (low cost), and mitigates a potentially very high consequence, depending on your credit card limits.
    • Consider using non-reloadable Visa gift cards instead of an all-up credit card with your device; when the prepaid money runs out, you're not responsible for any more.
  • Apply the updates to your hotspot
  • If your hotspot has WPS, disable it to prevent Reaver attacks.
    • If you can't disable WPS, find and buy a hotspot that can disable WPS (or doesn't have it at all).
  • Set a new SSID, something unique.
    • Add some randomness if you can handle it - the purpose is to get out of the range of SSID's an attacker may have precomputed tables of.
  • Verify your wifi is set to WPA2-AES
  • Set a new Wifi password, something 100% random and at least 20 characters long.
    • You can use something like "openssl rand 20 -base64" and add in some more symbols; especially symbols NOT above numbers.
    • Personally, I recommend putting it into all your devices now, and then destroying any other records. When you add a new device, make a new password and reset everything; this is a primitive password change schedule.
  • Watch your logs and device list for awhile.
  • Run Rescue CD's or other antimalware products on all your computers, and antimalware products on your devices, just in case.
  • Change every password your device has access to (linked email, dropbox, IM, web site saved passwords, etc.)
Community
  • 1
Anti-weakpasswords
  • 9,785
  • 2
  • 23
  • 51