About a year ago I was writing a paper around IoT security and “smart homes”. While writing it I was learning about the messaging services and protocols that most IoT things were using at the time. After a few hours of studying I was able to find a random device through a quick search on Shodan for ports and protocol and within another 30 minutes know that the device was:
A. A home security/thermostat solution
B. Connected to two mobile devices that shared their proximity information every 30 seconds
C. Reverse the address of the home, all door locks and windows (and the status of locked/unlocked)
D. Find out the identity of the couple that lived at the location as well as where they worked and their routes to work.
This was enough information to where I could drop pins on a Google map with a script as the husband and wife moved around their neighborhood and house. All of the information I was able to see was, by design, within the IoT device, just poorly protected.
Needless to say, I didn’t release the paper and I contacted the owners and let them know their house was telling secrets about them. Even a properly firewalled IoT device has other attack vectors through trusted relationships (mobile phone apps, cloud backend services, other IoT devices).
Wanted to contribute to the original post