Oh my.... You apparently don't understand how networks work then. They connect to the local wireless LAN (Local Area Network). Devices on the same network can indeed interact with them locally... but why then do you need to register an account through a third-party app for most of them? Because the devices also allow for the app to control the device from OUTSIDE the LAN. Which means that the device needs external internet connectivity for this to occur. If this internet connectivity is available, then it creates an attack vector for hackers to utilize these devices to connect into the local network through the external connection.
There has been no confirmation that the device had a wireless router. The proper terminology would be Access Point (AP), because it's not "routing" which is more involved, it's simply exposing a wireless connection. Even so, I'm fairly confident that what we are really talking about is that the building had internet connectivity, and a smart thermostat that allowed for external control of the internal climate. Through this combination of connectivity, a hacker could break through (piggybacking) off of the door that the thermostat provides. However, this is all speculation and if the machines were not connected to this local network and therefore my original point stands... Is it possible? Yes, but there is no confirmation other than loosely throwing around terms and concepts.
Nothing you wrote conflicted with anything I said.
Also, the confirmation is in the forensic data. All hardware and all IP addresses are in the report.