Originally Posted By: Dignan
... unless I'm missing something, all the commands have to be sent over the internet...
The security aspects of externally (Internet) controlled and/or monitored home equipment and devices are a largely underappreciated issue.

I found this article to provide an informed perspective. Bruce has been providing thoughtful and deep insight on security-related matters for many years.

How the ongoing provision of security updates and enhancements to the multitudes of in-home connected devices is going to be funded and actually delivered (enforced, almost) is an open question.

Perhaps these devices need to have two-part funding. You buy the thing, but the thing only works if you subscribe to a service that maintains and updates it. The service needs to actually provide good security/service or the affected devices will develop negative reputations and the users or device manufacturers will shop elsewhere.

And somebody needs to be able to audit the actual security as implemented in those devices and updates. All this has costs. The Internet of things seems to be very much not 'easy' to build properly.

It is not only the (home) user that is affected by breached security. For example, large-scale botnets exist primarily because there are so many computers, and now other devices, that were unable to resist being compromised. Those botnets are an actual force in the real world, affecting real users and costing real money.

Up to now most of the compromised devices on the Internet were (presumably) Windows computers. Perhaps as the population of attackable routers and other 'smart' devices continues to expand it will be profitable to compromise and conscript these routers, Nests and other plastic devices.

The compute power inside these things may seem modest, but the average compute power will increase as Moore's Law progresses, and legions of such conscripts can provide sufficient parallel computation to be worth pursuing. Since these things tend to be powered and connected 24/7 and their activity largely goes unmonitored, they seem ideal for conscript purposes.

Bitcoin itself is in part threatened by the mining of coins at scale using 'stolen' computing cycles.

A recent malware attack which locks computer users out of their own data until a ransom is paid (via bitcoin) highlights the potential for compromised security on a device to become a real monetary cost.