Can Smart Home Manager provide more details on "vulnerability found" so the vulnerability can be resolved?

Hello asmiran! We're thrilled to help you with the Smart Home Manager app. The AT&T Internet and Smart Home Manager is primarily used to manage your home Wi-Fi network and your devices.

While it may have indicated a vulnerability in your network, it may not provide further details beyond what may have caused the vulnerability. 

The best course of action would be to change the password that was exposed, and your Wi-Fi password to help protect the devices in your network.

For additional security we'd also recommend making sure your connected devices are safe with ActiveArmor internet security or advanced internet security. This will help to detect threats, suspicious internet activity, and unsafe behavior while also protecting your devices and network.

Please let us know if this helps.

Tanatswa, AT&T Community Specialist

Hi ATTHelp, thanks for your response. I do have some follow-up questions;

While it may have indicated a vulnerability in your network, it may not provide further details beyond what may have caused the vulnerability.

Is this information available on the paid version of ActiveArmor, or elsewhere? The indication of a vulnerability is insufficient to resolve the issue.

The best course of action would be to change the password that was exposed[...]

I don't know which password was exposed, that's the information I'm looking for. It lists the device, but that device has >10 password protected accessible web services, so I'm not sure which needs changed.

[...]and your Wi-Fi password to help protect the devices in your network.

I've changed my Wi-Fi password since receiving the alert, and received the alert again afterwards, so this doesn't appear to address the issue.

We are here to help answer your follow-up questions about the smart home manager app asmiran.

To answer your first question, you can review individual threats in the message center. This can be found on the app on the right corner of the app on you log in.

To answer your second question, below are the feature that comes with the upgraded ActiveArmor.

• Built-in defense: Monitors suspicious behavior across all connected devices, blocks malicious sites, and scans your network for vulnerabilities.
• Connected device security: Help protect all device on your network
• Personal data protection: it provides the ability to manage your Wi-Fi password, network name, and control access.
• VPN at Home: Keep your digital information private and protect your connected household devices through secure network encryption.
• Threat Activity Dashboard: See how AT&T ActiveArmor is working to protect your network and connected devices with real-time insights on blocked threats.
• ID Monitoring: Get daily alerts and useful tips if your personal information is leaked.
• Advanced Content Controls: Take the guesswork out of safe browsing with simple, customizable security settings.

Finally, changing the Wi-Fi password can help control the device connected to your network.

We recommend that you read the details of the threats in the message center to know the exact password that is compromised and needed to be changed.

We hope this helps answer your questions and feel free to reach out if you have other questions.

Thanks for contacting AT&T Community Forums.

Olajide, AT&T Community Specialist

Thanks for the quick response. When I select the notification in the message center and read the details, it has the following description:

"There was 1 vulnerability found on your <device_name>. The vulnerability is an exposed password."

There are many services on that device, with a wide variety of connection and login methods, and each with a unique password. You recommended reading the details to know the exact password that is compromised, however the details don't provide information regarding what service or password on the device was exposed. Is there somewhere else I can check?

Also, the device in question is connected via ethernet, Wi-Fi is entirely unrelated.

Thanks for that update, asmiran!

Quick question: Are you using Google Chrome as your browser? We ask this because they have a password check up feature which can show you which password(s) may have been compromised. 

We have no way of locating exactly which of your passwords have been compromised on our end.

Please feel free to reach back out if you need help in the future. Thanks again for contacting the AT&T Community Forums!

Lacey, AT&T Community Specialist 

Hi ATTHelp,

I think that answers my question, I'll respond to each bit for edification of anyone reading this later on.

Quick question: Are you using Google Chrome as your browser? We ask this because they have a password check up feature which can show you which password(s) may have been compromised.

The device in question does not have any web browsers installed, since it's running as a headless web server with no GUI. On my devices that do have Chrome installed, my intranet services are not managed by Google's Password Manager. Regardless, this seems like a different sort of check than I'm looking for (exposed password vs. leaked password).

We have no way of locating exactly which of your passwords have been compromised on our end.

So the AT&T app is able to detect and alert that a password has been exposed, but does not supply the information it would have had to encounter in the process. Can you imagine having a home security system with those limitations? "We found an unlatched window that an intruder could gain access to, but we're not telling you which. Good luck."

I think that answers my question, unfortunately.

Also, just wanted to point this out:

We recommend that you read the details of the threats in the message center to know the exact password that is compromised and needed to be changed.

next response;

We have no way of locating exactly which of your passwords have been compromised on our end.

/headdesk

I guess that pretty much sums it up. My device is also wired, also has numerous individual password protected services. I looked in my password manager (not google!) and none of the passwords that would be associated with this device show as compromised (leaked -

I'm ASSUMING that's the vulnerability, rather than an unmasked password).

Apparently the ATT app is more advanced in that it detected this no-details-we-cant-tell-you-how-we-know exposed password before my pw manager did. 

I suppose I'll either have to change any possibility-related pw (then update on these on who know how many devices), or wait untill my pw manager catches up to ATT.