Today's article from Sophos Security illustrates a major problem with a lot of IoT devices. This one is about garage door openers, but there are many reports of similar security failures in cameras, thermostats, smart door locks and others. When vulnerabilities are discovered, most IoT vendors make no effort to mitigate them. These are cheap devices that were never designed with security in mind and there is no budget for retrofits.
Many times access passwords are embedded in these devices that are not removable. These "secret" passwords find their way to the Internet for random people to take advantage of insecure devices. There are automated search programs constantly scanning the Internet looking for compromised devices.
A big issue is when someone can hack into your smart light switch, it isn't turning on/off lights that is the problem - the problem is that light switch gives them a toe-hold to leverage their way into the rest of your home network. Then your main computer with all its documents, photos and family memories gets an unhealthy dose of ransom-ware shortly after they plunder your passwords and financial details.
https://nakedsecurity.sophos.com/202...r-garage-door/
There are steps that can be taken to mitigate the danger, but many people who buy these devices don't have the technical background to even know there is a problem.