Ok - yesterday, I was fed up and just about to stop using my devices, but I decided to try a different tack. I’m working on the basis that my sonoff plugs have been hacked.
How would that happen? Three issues come to mind: -
I could have purchased a device whose firmware had been hacked.
My ewelink account could have been hacked.
There does not appear to be any 2 factor authorization that I can see with ewelink accounts which is a vulnerability.
What did I do?
My router – an Asus DSL-AC68U has two wifi wavebands – 5GHz and 2GHz.
My vulnerable equipment – computers etc went on the 5GHz band and its password changed as a precaution.
The sonoff products all went on the 2GHz band (they only operate on the 2GHz band). I did not change the password. What would be the point. If the devices were hacked – then the new password would be immediately known. What I did do however was to turn on “AP isolation”.
What is AP Isolation? AP Isolation is used to protect the device against attacks from other devices in the same network . With this function enabled, the device isolates all the connected clients within the same wireless network from each other, which enhances the network security of users.
I felt enabling isolation would probably reduce the possibility of the random switching on and off moving from one device to another. A hacked device can be used to hack another?
Regarding the ethernet ports then the only devices which use those, are those which use 2 Factor Authorisation on their accounts.
Since I have only just done this today – it’s obviously early days. I’m well aware that many of us have tried the promoted methods only to have things recur a short time after… And I could be completely wrong about my hacking theory. But so far, so good.
I attach a screen shot of the AP isolation setting on my router it can be set for one band, both or neither