Is my IoT Network being hacked?

randye007 Member Posts: 10
Name Dropper First Comment
edited October 4, 2021 in Devices & Security #1

    I use a Ubiquiti Edge Router X to segregate 3 networks in my home. 
  1. IoT network isolated - internet access only
  2. WiFi Guest network isolated - internet access only
  3. Private network - all access
    My private network can access the IoT and WiFi Guest networks, but not the other way around. Thus, all my computers, tablets and phones with sensitive data is in the private network. I place all my IoT devices in the IoT network. 

    Here's the issue. I have a Raspberry Pi 4 in my IoT network which communicates with all the IoT devices. I have it assigned a static IP address. However, on a random basis, the rPi disconnects and reconnects to an available IP address presumably via the DHCP server. When I reboot the rPi, it starts off assigned the static IP, but then eventually, usually within the hour it disconnects and reconnects with an available IP address. There doesn't appear to be any pattern to when it disconnects. Is it possible one or more of my IoT devices has been compromised and is being used to attack the rPi? If so, how can I be sure? Is there such an attack that forces a device to disconnect and change IP addresses? Why didn't the router force the rPi to reconnect to its assigned static IP?

   I was able to fix the issue by moving the rPi into my private network and assign it a static IP address. It has been stable ever since. But, it doesn't answer my questions regarding if my IoT network has been hacked. 

   For peace of mind, I will change the passwords of all the IoT devices in the IoT network.
   I have a 2 Fingboxes ... one monitoring my private network and one monitoring my IoT network. New devices are set to be blocked upon entry. The Fingboxes have not detected any suspicious activity, but if the infiltrator is using an existing IoT device, I guess Fingbox wouldn't detect anything wrong.

   Thanks for your feedback.