The average American home now has 25+ connected devices — smart doorbells, thermostats, voice assistants, security cameras, and smart TVs. Each one is connected to the internet through your home network, and each one can be a potential entry point for hackers. Worse, they all share your public IP address.
Start by checking what your smart home devices expose: visit CheckWhatIsMyIP.com to see your public IP — this is the same IP address attached to every smart device on your network.
Why Smart Home Devices Are Vulnerable
- Weak default passwords: Many IoT devices ship with factory passwords like "admin/admin"
- Infrequent firmware updates: Manufacturers often stop updating devices after a few years
- No encryption: Some devices transmit data unencrypted over your local network
- Always-on connectivity: Devices like Ring and Nest cameras are connected 24/7, providing a persistent target
- Cloud dependencies: Device data often flows through manufacturer clouds, creating additional attack surfaces
What Hackers Can Do With Your Smart Home IP
If an attacker discovers your public IP address, they can:
- Scan for open ports: Find devices with exposed management interfaces (use our Port Checker to test)
- Access security cameras: Poorly secured cameras can be accessed remotely
- Map your network: Discover all connected devices and their vulnerabilities
- Launch DDoS attacks: Overwhelm your network, taking all devices offline
- Pivot into your network: Use a compromised IoT device as a stepping stone to access computers and phones
Step 1: Secure Your Router
Your router is the gateway to every device in your home. Lock it down first:
- Change the default admin password — use a strong, unique password
- Update firmware: Log into your router admin panel and check for updates
- Disable WPS: Wi-Fi Protected Setup has known vulnerabilities
- Use WPA3 encryption: If your router supports it; WPA2-AES is the minimum
- Disable remote management: Unless you specifically need to access your router from outside
- Change default SSID: Don't broadcast your router brand (e.g., "NETGEAR-5G")
Step 2: Create a Separate IoT Network
Most modern routers support guest networks or VLANs. Put all your smart home devices on a separate network from your computers and phones. This way, if a smart device is compromised, the attacker can't reach your personal devices.
- Enable the guest network in your router settings
- Connect all IoT devices (cameras, thermostats, smart plugs) to the guest network
- Keep your computers, phones, and tablets on the main network
- Disable guest-to-main network communication in router settings
Step 3: Hide Your Public IP with a Router-Level VPN
A router-level VPN protects every device on your network — including IoT devices that can't run VPN apps themselves.
NordVPN supports router-level installation on most popular routers (ASUS, Netgear, Linksys, and DD-WRT firmware). Once configured, every device on your network is protected with an encrypted connection and a hidden IP.
After setting up a router VPN, verify the protection by visiting CheckWhatIsMyIP.com from any device — it should show the VPN server's IP, not your real ISP IP.
Step 4: Set Up DNS Filtering
DNS filtering blocks malicious domains before your devices can connect to them. Configure your router to use:
- Cloudflare for Families (1.1.1.3): Blocks malware and adult content
- NextDNS: Customizable filtering with per-device control
- Pi-hole: Self-hosted DNS sinkhole that blocks ads and trackers network-wide
Step 5: Close Unnecessary Ports
Use our Port Checker tool to scan your public IP for open ports. Common IoT ports to check:
- Port 80/443: Web interfaces — should only be open if intentional
- Port 8080: Common for camera management panels
- Port 554: RTSP — used by security cameras for streaming
- Port 23: Telnet — insecure and should always be closed
- Port 22: SSH — close unless you specifically need remote terminal access
Step 6: Ongoing Maintenance
- Update device firmware monthly: Check manufacturer apps for available updates
- Review connected devices: Check your router's device list regularly for unknown devices
- Monitor your IP: Periodically visit CheckWhatIsMyIP.com to verify your VPN is still active
- Replace end-of-life devices: If a manufacturer stops providing security updates, replace the device
- Use unique passwords: Every IoT device should have a different, strong password