To add to this, you should also see if the events tab under the device page for your Sonos speaker has any indications of the app that originated the TTS.
There's also the possibility that it was not through Hubitat. Sonos speakers can be accessed on the local network by many devices that can generate TTS.
If you need help getting to the bottom of this, please send me a private message. But I agree that screening the logs and checking your network for intrusion are good places to start your investigation.
You could also check you wifi router for unknown clients and use one of the online port scanners to scan for vulnerabilities. Not as good as a thorough PEN test of course but not a bad place to start,
No one at all in my house or has access to my system.(I have security on and a 12 character password) the speaker that just said "greetings" 2 days ago said something that stuck out to me in the logs something that included pnp something which is weird because I turn all that off on any device I get. The other weird thing that I thought one had to pay for was remote access. although I can't access anything but dashboards I can access them on my phone without the wifi turned on so they would be accessible from anywhere in the world so that technically is a possible back door to someone maybe
You don't have to pay for remote access. It comes free with the dashboards and mobile app. The add-on service (Remote Admin) is to be able to access the administrative interface of your hub from anywhere with an internet connection.
@user1383 And though the remote access subscription makes things super easy (and I use it), in keeping with Hubitat's no-fee strategy, you can set up remote access using other methods without charge.
well that's only because obviously someone was in my network, not because it was going to secure my network or keep them out of my Hubitat. i panic easily with security but fail miserably I am sure, mostly because I'm a dope that knows just enough to be dangerous
Yeah that might have been an over-reaction. But on the plus side at least you have a clean OS install! If you have that concern again one solution is just to disconnect the computer from the network while you validate whether you actually have an intrusion or not.
Im using Fing to montior who / what is in my network. It notifes me when ever a new device joins so I can confirm it or terminate the connection. They have alimited free or a paid tier. There are some useful tools on the paid tier.
As to password, can't say much there, other than change it. I use 13 characters, random Caps, Lower, Number Symbols. Does your router have a guest network? Is it possible someone accessed it that way? I have my quest network on a QR code so I dont have to give out the password, and have it set to cut off access after 3 days. I can go in and extend it if necessary. I'm not an IT, netowrk or security guy, but i'd bet it didn't come through hubitat.
That's a great idea! Some more sophisticated routers will do that as well.
Another good practice! Though theoretically the point of a guest network is that they can access the internet but nothing else. Of course someone standing in front of your house accessing the internet via a guest network isn't a great idea either. The last thing you want is the police showing up at your doorstep asking you why you downloaded all that child porn. I like the 3 day timeout. Great practice.
Also a good practice especially since I'm gonna bet you also don't re-use passwords but instead use a password manager.
I used to reuse, but I haven't in several years now. My wife still does, grrr that's an on going discussion. Yes, I use Enpass (not afan of the cloud based password managers like LastPass). I have no idea what any of my passwords are except the Enpass master (and I forgot that once, what a pain!!).
I use 1password. It does store passwords in the cloud but encrypted. The advantage is I can use 1password across all my devices and it keeps everything in sync.
One addition I would suggest to your already solid set of practices is to enable MFA on any sensitive website that will allow it. And don't use SMS. Use an authenticator app.