Operational

Reset paired devices when the network changes

A connected device that remembers an old Wi-Fi network is a rejoining surface for any access point that broadcasts the same name.

Most consumer smart devices — speakers, cameras, air filters, thermostats, lights, plugs — remember the Wi-Fi networks they have been joined to. If a network with the same name (SSID) reappears, they will auto-join it. This is the evil-twin or rogue access point attack class, and it is well documented in the security literature. The device cannot tell the difference between the original network and a new one broadcasting the same name; if the new one has a stronger signal, the device joins it preferentially.

Once joined to a rogue network, depending on the device:

  • Its operational state can be controlled remotely (power, schedule, fan speed, brightness, recording).
  • A firmware update can sometimes be pushed to it.
  • Its presence on the network functions as an occupancy indicator — when the device is reachable, someone is home.
  • It can be used as a pivot into other devices on the rogue network.

The defensive practice. When you change Wi-Fi configuration in a space you control — new router, new SSID, network disabled, moved residence — factory-reset every smart device that joined the previous network. The reset clears the stored credentials. A device that does not remember a network cannot rejoin it.

This is not paranoia about the device manufacturer. It is hygiene about every other network in radio range, including ones that have not been set up yet.

The corollary is one I keep arriving at: every smart device added to an environment expands the surface that has to be managed. Smart air filters, smart fans, smart lights, smart anything — each one is a small computer with radios and firmware, on by default, listening by default, hopeful by default to rejoin whatever it remembers. In an environment where the question "am I being targeted?" is live, I have moved progressively in the direction of fewer smart devices and more dumb ones. A box fan with a wall switch does the same physical work as a smart fan with an app, and has no radio.

A related observation worth recording: when I have unplugged or disabled the connected devices in a residence and then sat in the same room afterward, I have noticed a distinct quietness — a stillness — that I had not realized was being eaten by the cumulative ambient pressure of multiple connected devices. This could be interpreted two ways. One: the devices were communicating normally, drawing intermittent attention, and the cessation is the absence of routine background pressure. Two: the devices were doing something they were not supposed to be doing, and the cessation is the absence of that. Both interpretations point to the same action — fewer connected devices in residential space. The absence of the sound is data either way.

This is not absolute. There are environments where smart devices are necessary — accessibility, medical, work. The technique is to know what each device is, what it talks to, when it was last reset, and whether it remembers any network you no longer control.
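
One way to keep that record and check it, as an added example that is not part of the original page: a small inventory audit that flags devices which may still remember a network you no longer control. The `Device` fields, the function names and the sample inventory are hypothetical and constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Device:
    name: str
    joined: dict[str, date]            # SSID -> most recent date the device was joined to it
    last_reset: Optional[date] = None  # last factory reset; None means never reset


def stale_memberships(device: Device, retired: set[str]) -> list[str]:
    """SSIDs the device may still remember although you no longer control them."""
    stale = []
    for ssid, joined_on in device.joined.items():
        if ssid not in retired:
            continue  # network is still under your control
        # A factory reset clears stored credentials, so only joins on or after
        # the last reset can still be remembered (same-day counts, to be safe).
        if device.last_reset is None or joined_on >= device.last_reset:
            stale.append(ssid)
    return sorted(stale)


def audit(inventory: list[Device], retired: set[str]) -> dict[str, list[str]]:
    """Map each device that needs a factory reset to the retired SSIDs it may remember."""
    findings = {}
    for device in inventory:
        stale = stale_memberships(device, retired)
        if stale:
            findings[device.name] = stale
    return findings


# Constructed sample inventory (assumption: dates and SSIDs are illustrative only).
INVENTORY = [
    Device("living-room speaker",
           {"OldApartment": date(2022, 3, 1), "HomeNet-2024": date(2024, 6, 10)}),
    Device("air filter", {"OldApartment": date(2022, 5, 4)}, date(2024, 6, 9)),
    Device("hall camera", {"HomeNet-2024": date(2024, 6, 11)}, date(2024, 6, 9)),
    Device("smart plug", {"GuestNet": date(2023, 1, 15)}, date(2022, 12, 1)),
]
RETIRED = {"OldApartment", "GuestNet"}  # networks replaced, disabled or moved away from

if __name__ == "__main__":
    for name, ssids in audit(INVENTORY, RETIRED).items():
        print(f"factory-reset {name}: may still remember {', '.join(ssids)}")
```

The audit is only as good as the inventory: a device that is missing from the list, or whose join history is unknown, should be treated as never reset.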