lehnerus2000 said:

It should never have been allowed, given all the security issues with PCs and phones.

"Allowed"? Who exactly is the arbiter of what can and cannot be placed on the internet?

We have 3 Foscam cameras (1 in our 4-year-old's bedroom, her playroom, and one in the basement where we keep our dogs). Initially, I had them set up so that they were directly accessible on the net (I was using an app called Babycam Monitor to access it). I quickly learned of the vulnerabilities and decided to close the cameras. I disabled UPnP and disabled port forwarding on my router (Ubiquiti UniFi USG-Pro). Now I can only access them via connection to my OpenVPN server. The OpenVPN server is the only port open.

I have a ton of IoT devices, which I've separated into VLAN's. Nokia WiFi scale, Chamberlain garage door openers, Samsung washer/dryer, Amazon Dash buttons, Alexa devices, etc. It makes my life much easier, but I'm aware of the risks. I try to keep them as up-to-date as possible and try to keep them from connecting to my main network.

This is just a risk I take in order to make my life more convenient. Sooner or later I'm sure I will be hit despite all the security measures I've taken.

"Allowed"? Who exactly is the arbiter of what can and cannot be placed on the internet?

The same ones who came down hard on the child who was selling lemonade, to protect the child and deter others from taking on such risks. The same ones who issue licenses and certifications to businesses to ensure consumers at the least have an appearance of protection.

Regarding IoT, there is no appearance of protection. Someone like ericnxmd can protect himself to some degree. The rest of us require the governance to protect us.