Plaintext with Rich

IoT Security: Why Every Smart Device Is a Computer That Inherits Risk

Rich Greene Season 1 Episode 9


Your house didn't suddenly become unsafe. It just became chatty. Little devices, quietly talking to the internet, all day, all night. Most of them were never meant to be guarded.

This episode explains IoT security by starting with a translation: if a device needs an app to work and Wi-Fi to exist, it's a computer with software, memory, and network access, and computers inherit risk. It covers why manufacturers optimize for convenience over long-term protection, how most IoT compromises happen through automated scanning rather than targeted attacks, and why devices outlive the software inside them. The episode walks through the three things that happen when a device is compromised (becoming part of a botnet, serving as a network foothold, or leaking metadata), then closes with a seven-step starter kit: device inventory, firmware updates, default credential changes, network separation, disabling unnecessary features, monitoring connected devices, and buying intentionally.

Whether you've got a house full of smart devices or you're just starting to wonder what your thermostat is doing on the network at 3 a.m., Plaintext with Rich sorts it out.

Is there a topic/term you want me to discuss next? Text me!!

YouTube more your speed? → https://links.sith2.com/YouTube  
Apple Podcasts your usual stop? → https://links.sith2.com/Apple  
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify  
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog  
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord  
Follow the human behind the microphone → https://links.sith2.com/linkedin  
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

Your Home Got Chatty

SPEAKER_00

Your house didn't suddenly become unsafe. It just became chatty. Little devices quietly talking to the internet all day and all night. Most of them were never meant to be guarded.

Welcome to Plaintext with Rich. Today we are talking about IoT security. And I think it's best to start with a translation. IoT stands for Internet of Things. Simply, the plain text definition of that is devices that are not phones or laptops, but still connect to your network. Think about doorbells, cameras, smart TVs, thermostats, speakers, printers, plugs, appliances, the lights that change colors. If it needs an app to work and Wi-Fi to exist, you could probably bring it up under IoT.

Here's the part that matters for us. Every one of those devices is a computer. Not a powerful one, not a flexible one, but a real computer with software, memory, and network access. And as hopefully we know by now, computers inherit risk. IoT security is about protecting those devices so they don't become the easiest way into your digital life.

This problem exists because we've optimized for convenience. Smart devices are designed to be quick to set up, easy to use, and cheap enough to buy without thinking too hard. Well, security slows all of that down. So it usually loses the argument. Manufacturers ship devices that work immediately, not devices that stay protected for years. Updates, typically optional. Passwords, usually weak by default. Support lifespans are vague. Once a device is installed, for most people it just fades into the background. And that's exactly where risk likes to live.

Most IoT compromises don't happen because someone targeted you specifically; they happen because attackers scan the internet looking for devices that are still using old software, default credentials, or exposed services. No creativity required. Again, no movie montages, just scale.

IoT devices also tend to live far longer than the software inside them. Phones get replaced, laptops get upgraded, but a camera screwed into a wall might run untouched for five, six, seven years. During that time, vulnerabilities are discovered, exploit tools get shared, documentation becomes public. The device doesn't get worse, the environment around it just gets smarter.

So what exactly happens when an IoT device is compromised? Well, I mean, usually it's one of three things.

First, it becomes part of a botnet. That means it's quietly controlled by someone else and used alongside thousands of other devices to generate traffic, send junk, or overwhelm services. Your camera still records, your light still turns on, you just donated processing power without ever knowing it.

Second, it could be, it could become a foothold. Your home network isn't one big open space. It's more like a house with rooms if configured correctly. Phones, laptops, work systems are rooms you care about. IoT devices tend to sit in hallways and side entrances. If one of those doors is weak, it gives an attacker a place to stand and start knocking elsewhere. Again, not instantly, not dramatically, just patiently.

Third, there's always data exposure. Cameras capture patterns, speakers listen, apps log usage. Even when no one is actively watching, metadata still exists. And metadata, honestly, is very useful to a lot of people. It helps with scans, impersonation, social engineering later on, right?

The damage is, again, rarely cinematic. It shows up as slow internet, strange account alerts, odd behavior you can't quite explain.

Which brings us to the practical part. Again, this is going to be our IoT security starter kit. High impact, low drama. Again, some of you will be able to do this, individuals or small businesses.

Step one, know what you own. Make a list of every smart device in your home. Not mentally, actually write it down. If you can't name it, you can't secure it. And trust me, a lot of people have a lot more in their home that they're not aware of.

Step two, update them. Open the device apps, look for firmware or software updates, and apply them. Again, not a one-time task, basic maintenance, just like you would your vehicles.

Step three, change default credentials. Any device that has a login should get a unique password. Not reused, not short, not clever. We know that long passphrases beat creativity every single time.

Now, unfortunately, some devices don't allow you the ability to create a unique password, which brings us almost perfectly into step four, which is separate your networks. If your router offers a guest network, use it. Phones, laptops on the main network, IoT devices on the guest network, or maybe on a separate network created just for IoT devices, like I have in my own home. This doesn't make devices invincible, it just limits how far problems can spread. All right. Again, this is good security design.

Step five, disable features that you don't need. Remote access, voice control, cloud integrations. If a feature isn't part of how you actually use the device, turn it off. Less exposure equals fewer surprises.

Step six, check who's connected. Open your router's device list, rename what you recognize, investigate what you don't. You're not hunting threats, you're restoring awareness.

And step seven, buy intentionally. When you shop for new smart devices, look beyond price. Does the vendor publish updates? Do they say how long support lasts? Do they have a track record? Cheap hardware with no updates isn't a bargain, it's deferred work.

Let's clear up a few myths.

Myth number one, I'm not interested enough to hack. The reality is automation doesn't care who you are. It's just a device. It looks at scale. All right, you could simply be a foothold.

Myth number two, it's just a light bulb. The reality is it's a networked computer with permissions. It might seem small and insignificant, but hey, again, at automation and at scale, it doesn't care. It's just a light bulb.

Myth number three, my antivirus will catch it. The reality is antivirus doesn't run on most IoT devices. It's just the way it is. Security isn't about protecting one thing perfectly, as we've learned so far. It's about managing the whole environment reasonably.

So here's a takeaway. IoT security isn't about fear, it's about attention. These devices work quietly, but they don't protect themselves more often than not. If you give them a little structure, a little separation, and occasional updates, most of the risk does disappear. Not because attackers went away, but because you've stopped being the easiest option.

As always, if there's a security topic you want broken down in plain text, send it my way. Email, DM, comments. I don't care. Reach out to me. I will read it. I will respond. And if this episode helped, please share it with someone who'd actually benefit. This has been Plaintext with Rich. 10 minutes or less, one topic, no panic. I'll see you next time.