ASM826 pointed out that a town's water purification system was connected to the Internet, to make it easier to manage. Hilarity ensued.
It is very easy to do that in this day and age, and so we can expect that for most things remote access will not be set up by IT professionals but rather by people who spell "security" with a k. People seem to think that it's a big Internet, and what are the chances that someone will find their little device on it? Well, the chances are pretty damn good:
Use Shodan to discover which of your devices are connected to the Internet, where they are located and who is using them.
Websites are just one part of the Internet. There are power plants, Smart TVs, refrigerators and much more that can be found with Shodan!
I've posted before about Shodan. If something is connected to the 'net, Shodan finds it and you can browse their database. This is child's play - you can sign up for a free Shodan account and see for yourself. The problem is that most people can't set things up to protect themselves. As I wrote:
So what do you do? One thing is simply not to get any of this sort of thing. No Internet-connected webcams, security systems, light bulbs, refrigerators, TVs, etc. Some of these products are frivolous, like Philips' Internet controllable light bulbs that change color via command from your iPhone app.
But others are not. The Queen Of The World likes her Netflix and Amazon Fire TV, and we have a new TV that will give her that. What's the risk? I guess I need to figure that out. What I'm thinking is to block outbound traffic at the Internet router. Probably to do this I will need to build a box to put in front of that, with appropriate tools and logging.
That takes a pretty high skill set, and a lot of time.
It's a pain in the butt but I could set up a home firewall and put all the stupid Internet Of Things nonsense (like Netflix TVs and the like) on a separate WiFi that is essentially a DMZ. At least that will keep Bad Guys from getting into the rest of the house network. And I can have the firewall block any device I haven't explicitly enabled.
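The segmented setup described above, written as an nftables ruleset for a Linux box that routes between the Internet router, the house network and the IoT WiFi. This is an added example, not a configuration from the original post; the interface names, the allowed ports and the MAC address are assumptions to be replaced with your own.

```nftables
#!/usr/sbin/nft -f
# Added example. Requires net.ipv4.ip_forward=1 on the firewall box.
flush ruleset

define WAN = "eth0"     # assumed: link to the Internet router
define LAN = "eth1"     # assumed: trusted house network
define IOT = "wlan1"    # assumed: separate WiFi for TVs and similar devices

table inet homefw {
    # Devices explicitly enabled on the IoT WiFi. Anything not listed
    # here gets no path to the Internet.
    set iot_enabled {
        type ether_addr
        elements = { 02:00:00:00:00:01 }   # constructed placeholder MAC
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN tcp dport 22 accept                     # manage the box from the LAN only
        iifname { $LAN, $IOT } udp dport { 53, 67 } accept   # DNS/DHCP served here (assumed)
        iifname $IOT limit rate 10/minute log prefix "iot-to-fw-drop: "
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname $LAN accept                                  # LAN may reach Internet and IoT devices

        # IoT devices never open connections into the house network.
        iifname $IOT oifname $LAN limit rate 10/minute log prefix "iot-to-lan-drop: "
        iifname $IOT oifname $LAN drop

        # Enabled devices get outbound web and NTP only (assumed port list).
        iifname $IOT oifname $WAN ether saddr @iot_enabled tcp dport { 80, 443 } accept
        iifname $IOT oifname $WAN ether saddr @iot_enabled udp dport 123 accept

        # Everything else from the IoT side is logged, then hits policy drop.
        iifname $IOT limit rate 10/minute log prefix "iot-out-drop: "
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}
```

MAC addresses can be changed by whoever controls a device, so the `iot_enabled` set is an inventory control rather than authentication; the isolation from the house network comes from the forward-chain rules and does not depend on it.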