At some point you have to define which threat vectors you’re willing to accept. Yes, in theory you’re correct. A device could ship with exploits for wifi targeting most access points or Bluetooth cards I guess.
So this device hops on my network, downloads a payload to break into my computer and finds…. PDFs of my tax returns, where most of the important data is already exposed and associated with my name? Worst case, tries to log into my bank accounts but is stopped by 2FA requiring a hardware token?
The bigger threat is the device wanting on my wifi or wired network, not some Zigbee bulb that has to conceal a wifi radio.
At some point you have to define which threat vectors you’re willing to accept. Yes, in theory you’re correct. A device could ship with exploits for wifi targeting most access points or Bluetooth cards I guess.
So this device hops on my network, downloads a payload to break into my computer and finds…. PDFs of my tax returns, where most of the important data is already exposed and associated with my name? Worst case, tries to log into my bank accounts but is stopped by 2FA requiring a hardware token?
The bigger threat is the device wanting on my wifi or wired network, not some Zigbee bulb that has to conceal a wifi radio.
And what about the zigbee hub, assuming you didn’t know enough to use homeassistant or some such?
Or a wifi bulb?
Point is, consumer smart electronics don’t have the same attention to security paid to them.
Fwiw, I’m not anti-smart device. I run HA and have all kinds of smart crap, so clearly I accept at least part of the risk.
But saying “it’s just a light bulb” is disingenuous as best.
deleted by creator