Here's some of the potential pain paints with IOT especially.
Lots of it runs off of electricity - so when it "phones home" by communicating with its software repository or does any checking in, or spies on you, or is being actively hacked or attacked, it's using your electricity and costs you money. If it's plugged in, for sure, it's using your electricity regularly.
CHECK + uses more electricity
Same with the bandwidth on your internet line, any time those devices call home, check in, spy on you, are being hacked or attacked, they are using your internet bandwidth.
CHECK + uses more internet bandwidth
When you have any device running on your internet, it likely has a "port". A port is how it transfers bandwidth to and from the internet. That port being open is like an invitation to anyone exploiting software. When someone does a "port scan" on your network they hear that device broadcast (like someone screaming across the room) I'm over here... I'm ready to talk.... do you have something to say to me? Oh you want to issue me a command - ok, I can do that. And that's how you get hacked. But you don't know about it because you don't turn off that device that is crucial for your life. So now you have either a nasty attacker spying on you because of a bug in software or a known exploit, or something still unknown to security people. As an example, there were exploits only found YEARS later in Windows OS that came right through the ports.
CHECK + vulnerable to more port scanning vectors and inquiries
Another thing with ports is worms... ok worms don't need you to DO anything. Just being connected is enough for them to sneak in (again through a port, most likely). They travel around networks looking for openings and aren't driven by humans, only let loose once then travel the wires.
CHECK + vulnerable to worms when never offline
This is more rare but employees can go rogue at companies and release software that has built in backdoors. You might buy a product with perfectly fine software but they hire someone who makes money off rogue software in their product. Orrr they could be purchased by a company that doesn't have good intentions (Didn't Google buy Nest from someone else...) Since so much code is closed source, you couldn't read about if you wanted to without a lot of effort. You will rarely hear about a rogue employee because it embarrasses the company. They will fire the person (if they find out) but not make public statements unless someone finds out.
CHECK + vulnerable to rogue software because you don't choose when the software gets installed, it is under someone elses control
Then the OP mentions something else - if it's electronic, you need electricity to use it (so they mention mechanical devices as alternatives).
CHECK + less hearty during power outages, natural disasters, grid meltdown, electronic attacks, and sometimes sun flares, bit flipping from cosmic rays (that's when a 1 becomes a 0 or the reverse and it messes up storage hardware or running software) - cosmic rays can come from space at any point to earth
Here's the worst one. Just like Twitter bans people it doesn't like... what if Amazon could turn off your ability to shop and Google turn off your ability to heat your home (until you step into line on the internet and speak correctly). Trusting outside companies to all your appliances and even your ability to heat your home.... well... I suppose you REALLY trust them, huh. Can't say I do since they've abused power previously.
I've been on many calls with brilliant people, far more knowledgeable than myself. One thing they all share in common is the ability to simplify complicated topics so a layman can understand and feel empowered. Your level of mastery and sharing this information is appreciated, u/creamkern
Like OP, I work in tech but abhor most modern devices. As others have stated, it almost isn't worth the time to fight the IOT invasion because it's on so many fronts. However, as you've shown, there are many ways we can fortify our home gear and provide effective protection from average and even some advanced attackers.
Make sure the doors are locked when you go to bed... just don't do it from your bed.
Here's some of the potential pain paints with IOT especially.
Lots of it runs off of electricity - so when it "phones home" by communicating with its software repository or does any checking in, or spies on you, or is being actively hacked or attacked, it's using your electricity and costs you money. If it's plugged in, for sure, it's using your electricity regularly.
CHECK + uses more electricity
Same with the bandwidth on your internet line, any time those devices call home, check in, spy on you, are being hacked or attacked, they are using your internet bandwidth.
CHECK + uses more internet bandwidth
When you have any device running on your internet, it likely has a "port". A port is how it transfers bandwidth to and from the internet. That port being open is like an invitation to anyone exploiting software. When someone does a "port scan" on your network they hear that device broadcast (like someone screaming across the room) I'm over here... I'm ready to talk.... do you have something to say to me? Oh you want to issue me a command - ok, I can do that. And that's how you get hacked. But you don't know about it because you don't turn off that device that is crucial for your life. So now you have either a nasty attacker spying on you because of a bug in software or a known exploit, or something still unknown to security people. As an example, there were exploits only found YEARS later in Windows OS that came right through the ports.
CHECK + vulnerable to more port scanning vectors and inquiries
Another thing with ports is worms... ok worms don't need you to DO anything. Just being connected is enough for them to sneak in (again through a port, most likely). They travel around networks looking for openings and aren't driven by humans, only let loose once then travel the wires.
CHECK + vulnerable to worms when never offline
This is more rare but employees can go rogue at companies and release software that has built in backdoors. You might buy a product with perfectly fine software but they hire someone who makes money off rogue software in their product. Orrr they could be purchased by a company that doesn't have good intentions (Didn't Google buy Nest from someone else...) Since so much code is closed source, you couldn't read about if you wanted to without a lot of effort. You will rarely hear about a rogue employee because it embarrasses the company. They will fire the person (if they find out) but not make public statements unless someone finds out.
CHECK + vulnerable to rogue software because you don't choose when the software gets installed, it is under someone elses control
Then the OP mentions something else - if it's electronic, you need electricity to use it (so they mention mechanical devices as alternatives).
CHECK + less hearty during power outages, natural disasters, grid meltdown, electronic attacks, and sometimes sun flares, bit flipping from cosmic rays (that's when a 1 becomes a 0 or the reverse and it messes up storage hardware or running software) - cosmic rays can come from space at any point to earth
Here's the worst one. Just like Twitter bans people it doesn't like... what if Amazon could turn off your ability to shop and Google turn off your ability to heat your home (until you step into line on the internet and speak correctly). Trusting outside companies to all your appliances and even your ability to heat your home.... well... I suppose you REALLY trust them, huh. Can't say I do since they've abused power previously.
Very well explained, thank you.
I've been on many calls with brilliant people, far more knowledgeable than myself. One thing they all share in common is the ability to simplify complicated topics so a layman can understand and feel empowered. Your level of mastery and sharing this information is appreciated, u/creamkern
Like OP, I work in tech but abhor most modern devices. As others have stated, it almost isn't worth the time to fight the IOT invasion because it's on so many fronts. However, as you've shown, there are many ways we can fortify our home gear and provide effective protection from average and even some advanced attackers.
Make sure the doors are locked when you go to bed... just don't do it from your bed.
Remember that days when GRC was raising hell about all the ports being easy access