"The big risk is that a compromise could give you access to hundreds of thousands of homes all at once," Crowley stated. "I could see that as an attack someone could actually use to launch a crime spree." He added that if someone broke into your house, but there was no sign of forced entry, then how would you get your insurance company to pay?
Granted the toilet hack is invasive but more like a prank, yet an attacker could also seriously mess with a person's mind by simply running a web search for smart homes with Insteon and then remotely taking control of the lights as if the house were "haunted."
The potential for hacking smart homes and the Internet of Things-from exploiting network connected toys, thermostats, wireless speakers, to automated door locks-will only continue to grow as more people adopt these technologies. There are plenty of privacy risks in addition to the security vulnerability issues as their white paper [pdf] states:
There are also privacy concerns in the compromise of these devices. Compromise of a device with a built-in microphone or camera comes with the ability to perform audio and video surveillance. Compromise of a motion sensor could be used to determine when there are people at a physical location. Reading the status of door locks and alarm systems as could be achieved by compromising the VeraLite could be used to determine when the building in which it resides is occupied.
Legally, devices that store data on third party servers also enjoy a lower level of privacy protections due to the 3rd Party Doctrine. Many of the devices in this paper fall into this category.
Sign up for CIO Asia eNewsletters.