Hacker News
by NortySpock 2097 days ago
Assuming read access to your device: Detecting a shift in daily patterns to burgle your house when you're on vacation.

Assuming write access to your device: implanting false digital evidence on your device, calling the cops, and framing you.

Assuming root access to your device and network: if you work from home, exfiltrating company-confidential from your home network. Running a botnet from your home.

1 comments

So IoT vendors working with local burglars? Or local cops? I guess we know Amazon certainly has done the latter... (but not to frame Ring owners, that would be an odd business model...) Having rogue IoT devices on your LAN attack other machines on it is a valid concern, though your traffic would be encrypted, and your actual workstations firewalled?
Part of the concern is vulnerabilities in your devices when exposed to the internet. The manufacturer doesn’t have to be malicious, just infosec incompetent.
Look at it this way: if major companies who spend billions to hire the best industry security experts to secure their devices and their networks still find themselves regularly compromised, then consider how many of the IoT companies are tiny and/or clearly place a significantly higher value on marketing/sales/shareholder return than they do on security, then ask yourself if you want the security and very specific details of your life to reside in the data these companies' devices collect.

I don’t want to say they’re malicious, but it should be clear by now that a very tiny fraction of companies are taking the security of this data and its collectors at even a fraction of how seriously they should. Even behemoths like Amazon have had massive problems with their devices and have been very loose with the data collected.

I have worked with some electronics vendors. Their IT practices leave a lot to be desired. I could completely see that someone working there could get access to all info on all clients without anyone noticing and sell it over the dark net.