Devices like smart heaters, smart bulbs and smart refrigerators have direct access to unlimited power supply; they have direct access to the internet. And things can go really bad.
And with IDC predicting that the worldwide IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020, security is becoming a very serious topic.
Bruce Schneier has talked a lot about the security risks of IoT, going so far as to say that IoT is unpatchable. Billions of connected devices are running some older version of Linux that has known exploits. The hardware vendors who sold these units moved on to the next version of the hardware and never bothered to update the OS powering these devices. They have no real incentive to do so. Their revenues come from the sale of new devices, not from updating older ones.
At the ongoing Embedded Linux Conference, that is co-located with OpenIoT Summit, Dirk Hohndel, Chief Linux and Open Source Technologist at Intel asked Linus Torvalds if he is worried about the scenario that there are billions of unpatchable devices out there.