Multiple devices

Blaine
Blaine Member Posts: 1

Hello all,

I have been dealing with a hacker and tonight while checking the Fing app, I realized my iPhone is listed twice, same name but with different MAC addresses.

So I went through Chrome and my Fing account online reports my access point is not at my home but miles away and my router doesn't seem to be online at all. There's a black thing next to it.

I checked my phone and I'm connected to my wifi, along with its name and all.

I checked online again and the information about the router is stating my wifi name but it has workgroup behind it. I have tried to secure my router 5 times since Oct of 20, like totally resetting it, and I have reported this and begged for help thru the company who manufactures the router that's under warranty. I reported all the information I have collected to the people working for this company, and they seem to not know anything about workgroup, or netbois, sp? The only thing they can tell me is to not use the Fing app, and help me reset the router, but it gets hacked again and again, even to the point I cannot block the MAC addresses of devices I do not recognize on my wifi.

Please forgive my lack of knowledge, when I went to school there were no computers, and despite my constant reading and searching I cannot find one way to stop this.

My question is

How can the same device show 2 different MAC addresses?

Why is the access point for my wifi across town?

How can I rid my wifi from a work group?

And of course

Is it possible from the information I have to lead a knowledgeable person to the hacker? I know who he is I just can't tie it all together.

Thank you in advance!!

B

Comments

  • Fabian
    Fabian Member, Beta Tester Posts: 53
    @Blaine, just making sure that you’re aware of iOS’ Settings > Wi-Fi > select the “i” next to your Wi-Fi’s name > Private Address feature?  Just wanting to see if you’ve eliminated this as a possibility.
  • SRP
    SRP LAMember Posts: 117
    edited March 27, 2021 #3
    @Blaine, as @Fabian says, one explanation for multiple records of your iPhone with different MAC addresses showing up is if you connect to different wireless SSIDs in your network. It sounds like you have a router and at least one access point. Depending on whether the router has Wi-Fi, the AP is one of many around your network, you have 2.4GHz and 5GHz networks separately named, a guest network setup and so on, you could have many SSIDs you’re connecting to. For each of the Wi-Fi SSIDs you utilize at home, check the setting that @Fabian outlines above and if the Private Address switch is on, your iPhone is going to provide a MAC address unique to this Wi-Fi SSID. Generally, I turn this off for all my home network SSIDs, and rely on the device MAC address, but leave it on for public Wi-Fis.

    Regarding location of your access point I wouldn’t worry about the geolocation of this being not exactly at your address since the location you’re being provided by Fing is dictated by your WAN IP address from your ISP I believe.

    Turning to your more general concern about your network being hacked, what follows are the steps I’d take if I suspected an intrusion in your situation. Without knowing the specifics of your network topology or devices connected, some of this is going to be general best practice, but regardless I’d first tackle the root router security. It sounds like you’ve factory reset your router a number of times before, so I’m assuming you’re familiar with your router’s default local IP address, default SSIDs and passwords if it’s a Wi-Fi router, and the default admin username and password for your router’s web interface.

    If all this sounds new then commonly the default IP address is 192.168.0.1, 192.168.1.1, 192.168.1.254, 10.0.11 etc. You can search online for this and any default Wi-Fi  SSIDs/passwords and the web interface default admin username and password for your router manufacturer and model.

    Once you have all this information the next step I’d take is to disconnect every single device from this router. I’d also disconnect the WAN connection too for good measure. I’d now reset the router using the reset mechanism, often a recessed button you have to hold down using a paper clip.

    I’d then connect a clean device to the router. By clean device I mean a phone (if your router has Wi-Fi) or a computer if it is a wired only router, that hasn’t been on your network before and you are sure can’t possibly have been compromised by your suspected hacker.

    The clean computer with wired connection would be preferable lest your hacker is inspecting and recording traffic on this router’s default Wi-Fi SSID (if it’s a Wi-Fi router) whilst you do this, but that would mean the hacker would be within Wi-Fi range of your network at this juncture so is an extreme edge case. I realize a ‘clean’ computer is often more costly or difficult to obtain than a ‘virgin’ phone borrowed from a friend, for example, but the next steps are the same regardless. Note also that you can pick up a phone to Ethernet wired adapter online for relatively little cost nowadays so you can also turn your clean phone into a wired device fairly simply.

    Connect your clean device, via cable or Wi-Fi to the default SSID, to your root router. Open a web browser and type the default IP address of your root router into the address field to get to your router’s web interface. Log in using the default admin username and password for the router. 

    Step 1. Reset the admin username and password using a strong password (one from a password generator that’s resistant to brute force attacks) immediately. 

    Step 2. If your router allows you to turn on/off UPnP, turn this off (any modern router should provide this functionality) - you’re doing this lest unbeknownst to you one of your devices is connecting with the suspected hacker to transfer information via opening a UPnP connection. Turning off UPnP is critical IMO.

    Step 3. If you know the MAC address of all your trusted devices, turn on MAC address filtering/Access control and enter these as allowed devices and block all others.

    Step 4, if your router has a firewall turn it on.

    Step 5, change your WAN IP address assigned by your ISP if you can. These are usually assigned dynamically so if you leave your WAN connection disconnected and powered off long enough you’ll often be reassigned a new one, it just depends on the ISP. If you don’t get allocated a new one, try contacting your ISP and asking them to change the one assigned to you if not.

    Step 6, if your router has a built in VPN turn it on (note this can slightly impact your average DL/UL speeds because of encryption and the extra internet hops involved but if security is your main concern then that’s a trade off you’ll likely make).

    Step 7, if the router has Wi-Fi reset all the default SSID names and passwords using strong passwords from a password generator. Use at least WPA2 - WPA3 if your router allows it. If you’re connected via Wi-Fi then this step will disconnect you and you’ll need to reconnect using the new SSID name and password.

    Step 8, plug back in the WAN and check that you have access to the internet. 

    Step 9, log back into the router’s web interface using the new admin username and password you set in Step 1 and ensure your router’s firmware is up to date.

    Step 10. Change any login and passwords using strong passwords from a password generator for each of your network devices, run trusted anti-virus software on any PC, tablet or phone, and reconnect them to the router one at a time checking they function as expected.

    Step 11. Make sure you’re running the latest OS and security updates on any PC, phone or tablet. 

    Step 12. Related to step 11, as a general practice once you connect any device back to the internet that isn’t a PC, tablet or phone, make sure you have the latest firmware installed on this device to plug known vulnerabilities - search online for how to achieve this for each device.

    Step 13. When reconnecting any access points repeat all the above router and Wi-Fi focused steps (where applicable since routers running in AP mode or APs may not provide access to some of the settings like UPnP or firewall).

    By turning off UPnP you may find you need to add port forwarding rules to your root router for some of your devices in order for these to function correctly once you’ve done all this. This will entail assigning fixed IP addresses to devices that require port forwarding. However, most device manufacturers that require certain ports be open in order to function correctly provide information on how to do this online. 

    I hope all that made sense and helps.

    Good luck,

    S.
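
An added example, not part of the original thread: a small Python check for the "same name, two MAC addresses" case discussed above. It relies on the fact that private (randomized) Wi-Fi addresses have the locally-administered bit (0x02 of the first octet) set, while factory-assigned addresses do not. The device names and MAC addresses below are constructed sample data, not values from this thread.

```python
from collections import defaultdict

def parse_mac(mac: str) -> bytes:
    """Normalize a MAC written with ':', '-' or '.' separators into 6 bytes."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters

def classify_mac(mac: str) -> str:
    """Classify by the two low-order flag bits of the first octet."""
    first = parse_mac(mac)[0]
    if first & 0x01:
        return "multicast"             # group address, never a real device
    if first & 0x02:
        return "locally-administered"  # software-chosen, e.g. a private address
    return "vendor-assigned"           # burned-in address with a vendor OUI

def explain_duplicates(devices):
    """Return {name: (mac -> class, verdict)} for names seen with 2+ MACs."""
    by_name = defaultdict(set)
    for name, mac in devices:
        by_name[name].add(parse_mac(mac).hex(":"))
    report = {}
    for name, macs in by_name.items():
        if len(macs) < 2:
            continue
        kinds = {m: classify_mac(m) for m in sorted(macs)}
        hardware = [m for m, k in kinds.items() if k == "vendor-assigned"]
        if len(hardware) <= 1:
            verdict = "consistent with one device using private addresses"
        else:
            verdict = "multiple hardware addresses share this name: check each"
        report[name] = (kinds, verdict)
    return report

# Constructed sample of (device name, MAC) rows as a network scanner lists them.
SAMPLE = [
    ("iPhone", "00:00:5E:00:53:10"),   # hardware address (documentation range)
    ("iPhone", "A6:5E:60:9B:01:C2"),   # 0xA6 has bit 0x02 set: private address
    ("TV",     "00-00-5E-00-53-20"),
    ("Laptop", "00:00:5E:00:53:30"),
    ("Laptop", "00:00:5E:00:53:31"),
]

if __name__ == "__main__":
    for name, (kinds, verdict) in explain_duplicates(SAMPLE).items():
        print(name, kinds, "->", verdict)
```

A locally-administered address only shows that the address was chosen in software; it does not by itself prove which physical device is using it, so compare it against the Private Address value shown on the phone for that SSID.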