Day 5
Who's on My Network? IoT Security
DAY 5: Who's on My Network? IoT Security
Here’s a scary truth: your smart home might be too smart for its own good. Every connected device - from your TV to your toothbrush - is another potential entry point for hackers. And since a lot of IoT manufacturers cut corners on security, they’re often the weakest link in your home network.
Attackers love this stuff. Why go after your firewall when they can compromise your smart lightbulb, pivot into your router, and start snooping on your traffic?
Don’t panic, though. Once you know what’s connected and isolate it properly, your risk drops dramatically.
Yesterday, we locked down your router and set up a guest network. Today, we’re going to see who’s actually living on that network - because your WiFi might be more crowded than you think. We will also learn how to spot weird devices, and which gadgets belong on your main network versus your guest network.
We are gonna be kicking off unwanted devices, and learning how to “sandbox” your smart home so it doesn’t spy on you.
What’s up S’mores! I’m Shannon Morse - welcome to Day 5 of my 30-Day Security Challenge, the series where we build your privacy fortress one day at a time.
Every day for the next month (with a few breaks built in), we’re tackling one small, practical thing you can do to make your online life safer.
You can follow along with the checklist and blog version over at http://shannonrmorse.com/30-day-security-challenge - or just hit that playlist on my channel and go day by day.
STEP 1: IDENTIFY DEVICES
So grab your notepad - it’s time to play “find the intruder.”
Log back into your router’s admin interface - you can usually do that by typing something like 192.168.1.1 into your browser. If you watched yesterday’s video, you already know how to do this.
Once you’re in, look for something called the Client List or Connected Devices or Network Map. This shows every phone, laptop, smart TV, and random gadget currently connected to your Wi-Fi. These are your “client devices”.
Ideally, everything on this list should look familiar - your phone, your laptop, your partner’s tablet, kid’s smartphone, TV, light bulb, whatever.
Now, go through the list and write down each one you recognize.
But if you see something weird, like a random string of letters or a device name you don’t recognize… that’s sus.
So here’s a quick trick:
Turn off one of your devices - like your TV or smart plug - and refresh the list. If the weird one disappears, congrats, you found your mystery device. If it doesn’t… well it might be time to change your Wifi password and kick out that uninvited guest.
Pro Tip: some devices will only show a model number, like “ESP_12E” or “Tuya_Light.” You can sometimes google the model number to figure out what a device is before you start walking around your house turning things off.
Then, one by one, move your smart devices over to your guest network. So how do we do that?
STEP 2: SORT DEVICES INTO GROUPS
Now let’s separate your gadgets into two groups:
Trusted Devices and IoT Devices.
Trusted Devices are things like your phone, laptop, or desktop computer - stuff that you actively use and keep updated.
IoT Devices (aka Internet of Things) are everything else - smart lights, thermostats, cameras, robot vacuums, pet feeders, watches, speakers, even your fridge if it connects to Wi-Fi.
We’re separating the Smarthome IoT stuff because it might not be as secure. IoT gadgets are designed for convenience - but that convenience often comes at the cost of security.
They can have weak passwords, outdated software, and hidden vulnerabilities. And sometimes, they get hacked without you ever noticing.
STEP 3: MOVE IOT DEVICES
We’re gonna put all those IoT devices onto the secondary guest network that you created yesterday. So everything that’s listed under the IoT (Internet of Things / Smarthome) category should live there. This keeps them separated from your personal devices like laptops and phones. If one of them gets compromised, the attacker can’t access your sensitive data. They are sandboxed - isolated from your most sensitive data, your work files, photos, and documents.
Some devices make this easy through their mobile apps; others might need to be reset and reconnected manually. It definitely takes time to do this - but it’s so worth it. If your router supports client isolation on the guest network, turn that on too: it stops IoT devices from talking to each other or seeing your main network.
While you’re at it, log into each IoT device (if possible) and change its default username and password. If you can’t change the password - or you can’t even access the device settings - that’s a red flag. And honestly, if a device doesn’t need to be online? Just disconnect it. Does your fridge really need internet access? Does your vacuum? Probably not. Unplug those data leaks.
If you’re finding this video helpful, a subscribe would me a lot to me. Subscribing is a simple and free way to support creators on youtube!
So if you’re following along with the challenge, hit that subscribe button and turn on notifications so you don’t miss tomorrow’s video. You can grab the full checklist and daily recap at ShannonRMorse.com.
BIG Patreon shoutout to to my smores! You can join them and support my channel by going to patreon.com/shannonmorse for perks like early video access and my private discord!
As usual, all the videos on my channel are free to watch, and I thank my youtube members and patrons for making that possible
STEP 4: LOCK DOWN IOT
Now that you know what’s connected, it’s time to secure each one individually.
Here’s your IoT security checklist:
✅ Log into the device’s app or web portal.
✅ Change the default username and password (yes, even your smart fridge).
Pro Tip: create unique passwords for each IoT device, and store them in your password manager. It’s tedious, but totally worth it - because one weak password on a smart bulb can give hackers access to your whole home.
✅ Turn off UPnP (Universal Plug and Play) - it helps devices auto-connect, but it’s also a hacker’s best friend.
✅ Update the firmware on your gadgets regularly - it’s your best defense against known vulnerabilities.
✅ Skip the cloud backups if you don’t trust how they handle your data.
✅ Disable any remote access or “cloud control” options you don’t actually use.
✅ And if you bring gadgets to work - like smartwatches or connected wearables - don’t connect them to your company’s internal network. Ask for the guest Wi-Fi instead. That goes for your home, too - anything new should go straight to your guest network until you verify it’s safe.
✅ A lot of IoT devices don’t just connect - they report back to their manufacturer.
In your smart home apps, check for settings related to:
“Data sharing” or “analytics”
“Cloud storage” or “voice recordings”
“Usage history”
Disable anything that isn’t essential.
And for devices like smart speakers or displays (hey Alexa, I’m talking to you), mute the microphone when you’re not using them. You’d be surprised how often they “accidentally” wake up.
STEP 5: AUDIT THE NETWORK
Security isn’t a “set it and forget it” thing. Every few months, log back into your router and recheck that client list. Even after today, make it a habit to check your network at least once a month.
There are great tools that can automate this for you:
Fing (mobile app that scans all connected devices)
GlassWire (for Windows and Android - shows which apps are using your bandwidth)
Firewalla (hardware device that monitors and alerts you about suspicious traffic)
These tools give you visibility into who’s connecting - and help catch anything weird before it becomes a problem. If you see a new mystery device - investigate. And always install firmware updates when they’re available. Because the truth is, home networks are constantly changing - and so are the threats. A little bit of regular maintenance keeps your setup strong and secure.
STEP 6: AI AND ECOSYSTEMS
Smart home ecosystems like Alexa, Google Home, and Apple HomeKit have added AI-driven “routines” that automate your daily life - but they also collect massive amounts of behavioral data.
When setting up these assistants:
Review their data retention policies.
Disable “training data” sharing if available.
Regularly delete voice or activity history from their apps.
And if you’re using AI cameras or doorbells, make sure end-to-end encryption is turned on (some brands enable this by default, others require you to actively go into your settings and turn it on).
Lastly, matter and threads are somewhat standardized for newer devices, but these don’t magically make those devices safer - you should still be updating firmware and not depending on trust in the manufacturer.
And that’s it for Day 5!
Today, you learned how to identify every connected device, isolate your smart home gadgets, and shut down their data collection habits. You’re now in control of your network - not the other way around.
Tomorrow in Day 6, we’ll dive into Smart Home Permissions - learning how to lock down those app permissions, revoke unnecessary access, and make sure your devices only talk to who you say they can.
If you found this helpful, hit that subscribe button, ring that bell, and grab the full challenge checklist at ShannonRMorse.com
I’ll see you tomorrow for Day 6. Bye yall!
Useful Resources: