Unauthorized iPhone on my WiFi

  • 2
  • Problem
  • Updated 2 years ago
  • Acknowledged
  • (Edited)
After using the eSVT page for in-dept review of usage (nice!)  I left a comment about the site with observations (as requested) and about noticed unauthorized usage.  They seemed to try to help at 1st then suddenly closed claim and blew me off.  

Bottom line, it showed usage for an iphone and Linus system that I don't have and know for a fact (now for sure) that no one is leeching off my WiFi.  I can't be hacked if everything's off, right?  Then they send a commercial for buying a service plan??  Oh please......

Here's the email chain of details for the issue (bottom-up timeline):
----------------------------------------------------------------------------------------
Hello Ken,
 
I'm following up on your recent request for help from our online
support center. Please find a summary of your request and my response
below: 
 
I am sorry
for the trouble you are having with devices connecting to your network without
your approval. Unfortunately we are not able to restrict access by a specific
device, you can call our technical support team at 1-855-463-9333 and request to
speak with our Exede Experts who can help you change the router password again
to a more secure password.

If you need further help, please contact us at
1-855-463-9333 or online at: https://help.exede.net

Thank you for
contacting Exede Internet Customer Care. We appreciate your business. Have a
great day!

Don't forget you can always monitor your usage, change your
plan and view your billing online at https://my.exede.net

Additionally,
we now offer EasyCare is an extra level of support for your internet service
that costs only $5.99/mo. Please visit
http://help.exede.net/articles/General/EasyCare-protection-plan-available-for-Exede-WildBlue-account...
to learn more.

 --------------------------------------------------------------------------- 
Description: 
RE: Case # 00755409 [ ref:_00D70K0Rw._500701auVim:ref ]

(was told
to wait for results - here they are along with the full case thread)

Well,
looks like the iphone and Linux system (also don't have) are still showing now
from 4/6-4/24. All passwords for both router web access and the 2.4GHz and 5GHz
PSK settings were changed. They have been verified by needing to reenter them on
all devices I use. (3-Androids, 1-win XP and 1-win7).

Please find and
eliminate the source of these as I have noticed a faster data usage than I
normally show this month. In fact, I might for the 1st time run out early this
month...... As I mentioned, no one is close enough to me to be using my wifi so
it must be at your end.

Thanks,
Ken
-----------------------------------------------------
At 04:44 PM 4/20/2016, you
wrote:
Unfortunately we can't see if and how much this iphone used. All we
can see is if like a "surprise" data category pops up (like iTunes store or
Netflix if you aren't on it) otherwise we'll see if the phone disappears now
that you changed your password

--------------- Original Message
---------------
From: Ken -------------------------
Sent: 4/20/2016 11:46
AM
To: customercare@viasat.com
Subject: Re: Case # 00755409 regarding your
Exede Account [ ]

Hi Brad, thanks for the quick reply. The iphone use
record must be a mistake since my WIFI can barely reach across the house. I'm
retired, don't have visitors, live on a 3 acre farm and am not close enough to
any neighbors to have them get access. I did a walk around the house to test and
get nothing.

I could maybe see a meter reader once in that time frame
being close enough to the house to access it but it would only be for a minute
as my dog alerts me of his presence and he's always right in and out. Also, if
I'm gone from the house, I turn off the router.

To be safe I changed the
password on my router but can you please check for any mistakes in your data
record? If it's not wrong, can you maybe dig up more details of exact times and
days for me? I hate mysteries. :)

Thanks much,
Ken ------
----------------------------------------------------------------
At
04:59 PM 4/19/2016, you wrote:

Hello
Ken,

Thank you for contacting us. I also show the iphone and it
appears to have been first seen this past month and last seen Saturday. Unless
this is a guest that you or someone in your home provided wifi to, you'll
probably want to change your router/wifi password because you're being leeched
off of.

Thank you for choosing ViaSat, provider of Exede and Wildblue
internet services, as your internet provider. We appreciate your
business.

Sincerely,

Exede Brad
Social Media
Specialist

--------------- Original Message ---------------
From:
Ken -----------------------
Sent: 4/19/2016 12:32 PM
To:
exedelistens@viasat.com
Subject: myeSVT : esvt comments and question Customer
Sentiment: Happy

Very happy with the esvt site. It's got everything I
could want as to info on my internet use. I did notice something odd however. It
states in the network page that for a period of time (4/6 - 4/16) that I was
using iOS 7.1 - iphone on my router. I don't have any iphones and after checking
with what hardware uses iOS 7, see iTV as well as iphone (& Linux) but don't
use those either. I have password protected WIFI and only use PC's with Chrome
and Android smartphones and tablet also running Chrome. Do have an Amazon
Firestick but it's an Android OS also. Am I being hacked? Thanks!

ref:_00D70K0Rw._500701auVim:ref
 
Thank you for choosing ViaSat, provider of Exede and
Wildblue internet services, as your internet provider.   We appreciate your
business.
 
If you need anything else, please create a new request from
our  Contact Us
page.  I hope
this answers all your questions — thanks for giving us the opportunity to assist
you.
 
Sincerely,
Julie P
Exede Customer Care
 
 
ref:_00D70K0Rw._500701b590S:ref
Photo of Ken

Ken

  • 18 Posts
  • 4 Reply Likes

Posted 3 years ago

  • 2
Photo of Bev

Bev, Champion

  • 3076 Posts
  • 1291 Reply Likes
While unlikely, it is possible someone is tunneling through your connection, and if that's happening, they could be anywhere in the world but, likely in the USA. The only way to stop it is a top quality, very programmable firewall and router. A router that allows you to block devices, one with parental controls on the router will do that. A good firewall will allow you to block unused ports, stealth all ports and continuously scan for potential hackers/unauthorized access.

Make sure your OS (Windows) is up to date and, do not rely on Windows Defender and firewall. Far too common, not updated often enough and too easy to hack. F-Secure offered by Exede is a good start, so is Norton (which I use.)

Those firewalls are not free and, do require a bit of learning to set them up properly, best is a double blind firewall or one that can be double blind if you need it to be.

I also suggest a good , full system antivirus, malware and spyware scan and a good sytem cleaning of browsers and the registry. Either CCleaner or Eusing's cleaner can do that for you, Google for whichever one you want to use and, download it, install it, then run first the cleaner which will clean your browsers and temporary files, then, run the registry cleaner. After that reboot.

Once all of the scans, cleaning and firewall is in place, change your router password to a very secure one. Lowe and upper case letters, numerals and symbols eight or more characters  and, nothing related to you or your family, pets or, normal activities will be the most secure.

I know OS updates can use a good bit of data but, the security updates for your OS, router and,anti virus updates have to be done if you want to keep your system secure.

Also be very wary of giving your router password to even relatives that might visit. I made that mistake once, the person pirated a couple of movies without my knowledge. I'd never have allowed those downloads but, he did it behind my back. That not only cost me data but, nearly got my account permanently suspended. Only because of my long time good relationship with Viasat did they believe me when  I told them what device did it, when it first connected and, that it was now blocked form connecting at all and, the person was banned from my home.

I also, of my own choice, contacted Paramount and Universal Pictures, told them what had happened and, paid them for the pirated movies. I have friend in the entertainment industry and, know that pirating costs everyone involved in the production of a piece of work. I wouldn't have felt right if I had not made the effort to make what happened on my connection right as far as I could.

I know i can cost a bit and, be a bit of a pain in the rear to secure your connection but, I'd encourage you to do it ASAP before someone does pirate off your connection and get your account suspended. Ad do stay in contact with Viasat and allow them to help you secure your connection better.
Photo of Jim16

Jim16

  • 2253 Posts
  • 1955 Reply Likes
I love you Bev!!!        " I also, of my own choice, contacted Paramount and Universal Pictures, told them what had happened and, paid them for the pirated movies. "
Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
so obvesly I am not the only one that noticed the same exact thing, my data got used up and it was not by us. noticed a Linux desktop and a iPhone under myesvt . no1 here has an iPhone or a Linux desktop nor could they even get any signal sitting in my yard even they they wanted to. also routers log all connections and none of those devices have ever connected via the router so it is obvesly being done remotely.i have heard excuse after excuse about my router so I direct plugged in for several days and same thing. so I unplugged lan cable after i killed all wireless for 30-45mins done this testing several days in a row and guess what? yes still heavy data useage.
Photo of Ken

Ken

  • 18 Posts
  • 4 Reply Likes
Josh, we should compare notes since that iPhone/Linux connection is WAY too coincidental!  I have no idea how sat internet works but assume it all goes from the sat to a land base where a handful of guys in a back room are running things.  Who knows who could be using customers accounts for their own purposes.  As far as security from hacking, if an outside signal can't get into my system except through the dish on the roof, then that should be Excede's responsibility to block.  If data is being stolen even with our systems OFF, then it HAS to be Excede's fault somewhere up the line.
Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
agree, it sounds like their system was hacked because unless you are in Louisiana it is just to big of coincident. I tested it few days with the lan cable off the back and still was ALOT of  useage which would kinda be impossable.
Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
also they refused to block the iPhone and Linux desktop nor would they give me the mac addresses of the devices
Photo of JEP

JEP

  • 987 Posts
  • 718 Reply Likes

Ken - I suspect that the eSVT tool is not perfect in coming up with it's "derived" users.  I also have iPhone and Linux users identified by eSVT and I know I don't really have them.  Maybe my router has a Linux OS. 

Photo of Bev

Bev, Champion

  • 3076 Posts
  • 1291 Reply Likes
ESVT does lump devices with the same OS together but, mine has never shown a device I was not aware of using my connection.

ANY device that is online is subject to hackers, it's up to the owner of the device to protect it form that. That's the same with any ISP, they protect the servers at the gateways but, it's up to each of us to install firewalls, antivirus, malware and spyware defenses on our devices. Yes some OS are harder than others to crack but, never assume any OS is 100% immune.
Photo of John Blount

John Blount

  • 62 Posts
  • 16 Reply Likes
Good information. I can't seem to find the SVT page you are referring to. Link please?
Photo of JEP

JEP

  • 987 Posts
  • 718 Reply Likes

John - At the bottom of the eSVT page is an icon that looks like an open laptop.  It is the "Home Network View".  Here is what mine looks like.  I am 0.7 miles from a paved road and do not have any iPhone devices in my home.  Maybe NSA has planted something nearby.  Dunno.

(Edited)
Photo of John Blount

John Blount

  • 62 Posts
  • 16 Reply Likes
I guess I am missing something. What is the eSVT page? Where do I find it?
Photo of JEP

JEP

  • 987 Posts
  • 718 Reply Likes
John - As long as you have your account with Exede, you should be able to find eSVT at: https://myesvt.exede.net/
Photo of John Blount

John Blount

  • 62 Posts
  • 16 Reply Likes
I have no icon when on that page. Any ideas? 
Photo of Bev

Bev, Champion

  • 3076 Posts
  • 1291 Reply Likes
I think the confusion might be the derived OS and Devices. All ESVT KNOW 100% is the applications used on your connection.



First item listed is actually two different computers.
Second item is actually a Nabi tablet my seven year old granddaughter asked me to connect while I was babysitting her.
Third is an iPhone.
Fourth is and iPad that needs an update.
The fifth item is actually what it says, that's a one time guest I allowed that day for a few minutes so that she could check FB and see if her son had gotten home yet. (he has no phone and only phone is her cell in the family.)

So look at the application and figure out what uses that application. Never mind the derived OS, it is generally right but, might be wrong, just the closest ESVT can guess as to what OS that application is on if the device does not report all of it's details to the modem.
Photo of Old Labs (VS1-329-L12FZ)

Old Labs (VS1-329-L12FZ)

  • 3893 Posts
  • 3971 Reply Likes
"Derived Device" and "Derived O/S" are the keys here.

Offhand it would appear an educated guess is being made based upon the user agent string passed along by applications on requests. Different applications use different user agent strings.

For example with Firefox, I frequently utilize the User Agent Switcher Add-On and switch to a mobile device user agent string in order to conserve bandwidth when in a pinch for usage (by forcing web sites to serve up lower data impact mobile versions of their sites -  I'm also finding it a to be a more clutter free experience on many web sites - also used it in the past when developing web sites to ensure browser compatibility).

If I had access to eSVT (can't access since NRTC subscriber) I would likely show iPhone, Windows Phone, Nokia, and various Android devices accessing my connection at various times despite never having owned any of them.


ViaSat (as well as web sites) can only guess what devices/applications are actually accessing the connection by peeking at the user agent strings.               
(Edited)
Photo of Steve Frederick-VS1/Beam314

Steve Frederick-VS1/Beam314, Champion

  • 2797 Posts
  • 1764 Reply Likes
I love having access to the SVT tool, but do not pay much attention to what the Home Network page shows for what devices are accessing my network. I have devices such as iPhone, and OS like Win XP, IE6, IE7, IE8, and a few other things that are just not true. I have a Win 10 laptop, Win 10 desktop, two wireless printers, and occasionally an Android phone or two. I just think that the way that they are coming up with this is just a guess, not necessarily what is actually connected. It really doesn't matter to  me, I monitor my data usage with my router and Glasswire, and the number are usually very close to what the Exede usage indicates.
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
(Mod Edit: removed pic due to wifi name and other sensitive information)

I too have extra stuff on mine all the top 5 devices are used in this home. NOW the next 4 devices have never been on this network or suppose to have been I dont even know anyone that owns a Nexus. The bottom 3 I can account for also. But I too have had data spikes that could not be explained before. But I went into my data usage on the last days it showed these devices used and I did have ALOT of my LNFZ used my not alot of the prime time used. ????So strange
(Edited)
Photo of Brad

Brad, Viasat Employee

  • 3121 Posts
  • 1100 Reply Likes
One other thing guys, while I appreciate the feedback with screenshots (I have enough to work with already with our eSVT team) but if you feel the need to do a screenshot be sure to crop out your  personal or modem information as that can contain sensitive information such as an IP or Mac address and could potentially lay out a welcome mat for potential hackers.
Photo of JEP

JEP

  • 987 Posts
  • 718 Reply Likes

Another suspect logging on my eSVT network is a device "first seen" before I even had Exede installed.  I guess this in one of the downsides of giving users "too much information". It provides additional avenues for problem reports.  In any case, I'm loving the eSVT tool, even if there are a couple of small warts.


(Edited)
Photo of Brad

Brad, Viasat Employee

  • 3121 Posts
  • 1100 Reply Likes
So to hopefully clarify what I said a few minutes ago: 

First Seen is the first time we saw the device come up on our network. Last Used is when the device was last used on our network and it is over the previous 2 weeks only. We can’t see the exact time the device was last used but we have the date. 

If you've never had visitors and are seeing "devices" that you don't have show up, you're going to want to re-secure your router. They don't have to be in range to leach off your wifi if you're not secure. Also if your usage is nearly out and web browsing shows as the single most used category that most likely is your tell-tale sign of a virus. Hope this sheds some light on the subject
 
Photo of Ken

Ken

  • 18 Posts
  • 4 Reply Likes
Thanks Brad for the clarification.  One questions however.  How can someone leach off your wifi if not in range even if they could get access?
Photo of Bev

Bev, Champion

  • 3062 Posts
  • 1280 Reply Likes
Only way I can see that happening is if they had a booster antenna and, could amplify the faint signal from you router enough to use your data. Then they might be able to do it form further away than the stated, or your experienced range. Not from miles away but, mine for example will not normally reach my barn but, with the right antenna, I can make it work out there. It's there but too weak to connect without a booster. (similar to how a cell phone will show no bars of service yet send a text, though it can't place a voice call or go online.)
Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
better question would be how can they leach your data if your plugged directly in or the lan cable is unplugged altogether? or in some cases powered off even?
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
no wireless network no getting in unless its through the modem. I do not know about satellite modems but cable modems have been broken into and compromised

Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
yea definitely not going through any wireless or router, been straight plugging  lately and same thing.wonder why the mods have not acknowledged this and sent to engineers? unless they already are aware and just have no comments about it? I have seen threads about the same thing dateing back many years ago so this is obvesly nothing new but seems pretty common from time to time.
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
I just thought about what is on my network or could be that used most of the net at night during LNFZ and I noticed my 2 security cameras and Nest thermostat I have been beta testing, do not show. Maybe the system does not know how to classify these they do not use the same service as the production version does. Also my Dish Network receiver is not showing and its internet is only used through LNFZ also. I would bet alot of you with mystery units showing have satellite tv also.
Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
they obvesly thought people were complete dummys when they made the fake network page. most routers log any traffic to and from them so people can tell if something connects to their equipment. according to them I have a few desktops sat up in my yard stealing wifi lmfao and seems like yall do to even in other states at the same exact dates and times.most of what they are telling me is not even remotely possible. and to any tech person would sound insane and crazy. either their system is compromised and they do not want to admit it or it is being done on purpose that would be the only reasonable explinations.
Photo of Bev

Bev, Champion

  • 3062 Posts
  • 1280 Reply Likes
DirecTv Genie system shows as older versions of Widows on my router which attemtps to identify unnamed connected devices by application. Those don't show on ESVT for me because we don't do On Demand or Watch From The Beginning but, if you did, then it would be on ESVT. I suspect Hopper for Dish would be the same.
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
I am sooo seeing usage spikes another 2GB gone in 2 days
Photo of Josh

Josh

  • 171 Posts
  • 19 Reply Likes
I have come to realize that "home network" page of esvt is bogus, seems it reads from their side of the modem and not the customer side.therefore remote tech connections also show up and anytime reps from exede run speed test,diagonostics,ect it does in fact use data as if the customer used it, that explains why a router does not log the connections is  because it bypasses and goes directly to the account.
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
i think your right I know I was reading else where that Hughes does pull data from user accounts but also its not suppose to be recorded as that usage being used by user. But why would they need to do so with multiple platforms
Photo of Ken

Ken

  • 18 Posts
  • 4 Reply Likes
Update on my usage history.  It's almost exactly like JEPs screen-grab above as far as OSs and dates. My latest "last used" dates are still showing 4/25 for some reason.  Another interesting thing is a HUGE data spike last Friday night during LNFZ.  I work nights so use it between midnight and about 4AM.  Daily use graph runs very consistent for this time period except this spike is 3 times the amount normally used and shows it only at 4AM, close to when turned off.  Since it's not counted I really don't care but interesting to see the discrepancies in the tracking of use in general.
Photo of Ken

Ken

  • 18 Posts
  • 4 Reply Likes
My month rolled over and thought I'd recheck devices.  To my surprise, the usage device chart is gone and it states; "Applications and O/S - There are no devices connected" plus the usual fine print.  Wouldn't think I could get this message since I have to be on the internet to access the message correct??  Must be in stealth mode or something.....:)
Photo of Steve Frederick-VS1/Beam314

Steve Frederick-VS1/Beam314, Champion

  • 2789 Posts
  • 1756 Reply Likes
I just checked mine, the usage device chart is there, showing a variety of the devices it thinks are connected to my home network.
Photo of Roo

Roo

  • 30 Posts
  • 8 Reply Likes
I don't know if this helps but after reading Ken's original post I checked my home network on the esvt. All was as it should be, it matched the devices I had connected.  Then I got an android phone and had it connected to my network via wifi.  My esvt then started showing the Linux and iphone, which I don't have.  After monitoring it for the last 3 weeks and the Linux and iphone still showing, my curiosity got the better of me so I started googling and found that android uses a Linux based system... so that explains why that is showing up.  As for the iphone, I'm not quite sure, but I do have itunes on my pc which I hadn't used for a while, until about the same time I got the android phone, and that pesky apple updater showed up so I updated the itunes, and I'm thinking that may have something to do with the iphone showing up as I think the esvt just recognises the os and thinks its an iphone.

Anyhoo, I'm no expert in all of this but it satisfies my curiosity.  My usual data usage hasn't changed since the Linux and iphone showed up, nobody is leeching off my wifi, and I definately don't think Exede is doing anything underhanded. I guess if I really wanted to test my theory I could turn of the android for a couple of weeks and see if those things disappear, but I'm not that concerned, I just think the esvt, while a very good tool, isn't able to distinguish between devices that use similar os.
Photo of Bev

Bev, Champion

  • 3076 Posts
  • 1291 Reply Likes
Yes, Using iTunes makes an Apple device show, as does using Safari, even if you use it on a Windows PC. The devices in ESVT are a computer's best guess based on the application that connected to the internet. Not all applications report exactly what they are named for users. Like Android, they just tell the internet that they are a Linux based application.
Photo of Bev

Bev, Champion

  • 3076 Posts
  • 1291 Reply Likes
Do either of you use a mobile emulator on your computers to run apps intended for mobile phones?

A phone would have to use your router to connect so, I would guess some app on one of your computers. As I said, log everything you do online for a couple of days and, what apps or programs you use to do it and see what days match the questionable phone using your connection.

If nothing matches, change your router password then, contact Exede with details and the list of what you used to do what when.
Photo of Old Labs (VS1-329-L12FZ)

Old Labs (VS1-329-L12FZ)

  • 3891 Posts
  • 3968 Reply Likes
User Agent Strings (as well the newer User Agent Profile spec) aren't really intended to identify specific devices but rather their capabilities and compatibility with other known devices - otherwise what would happen if a new device model suddenly became available?. It's the capabilities not the device. They're only intended to provide developers with a hint as to how best deliver your content and for problem diagnosis.

If you want to really know what devices are accessing your connection, only your router knows for sure (and even then it's typically only the MAC address that's reliable).

Quite frankly, Viasat should clarify that the "devices" listed by eSVT are derived and inaccurate. Sometimes providing inaccurate information is worse than providing any at all. As Josh stated above from a user perspective it's bogus - albeit useful to developers such as myself - let me clarify retired developer ;)

    
(Edited)
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
nope no apps I use my laptop everyday but never put any apps on it I only use it for getting online. And already changed password when I started tracing this that is first thing I done. And yeah I think its going to take some research.
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
Ok looks like last time it accessed my network was the 8th and now my daily snapshot is not showing my usage so I can track it
Photo of SonyaA

SonyaA

  • 169 Posts
  • 45 Reply Likes
OK it has dropped off and does not show anymore as using my network I still have the linux and another windows system but since it dropped off I have gone further in the month so far then ever without getting fapped