IoT Security: How to Protect Your Connected Devices

April 22, 2025
Imagine your office robot vacuum doubling as a roving spy cam—streaming video and audio straight to a stranger’s smartphone from just a few rooms away.
Sounds like the plot of a B-grade dystopian thriller… but it was actually the focus of a recent ABC News exposé. In a delightfully unsettling demo, an Aussie cybersecurity researcher helped a journalist hack into a top-of-the-line, $2500 model from the world’s largest home robotics company. No password. No alerts. Just full access to the camera, microphone, network logs, and Wi-Fi credentials—via Bluetooth, from 140 metres away.
To be clear—this wasn’t a shady black-market device. It was a perfectly legal, off-the-shelf robot vacuum, which met Australia’s cyber security legislation standards—one of thousands already buzzing through Australian homes and offices.
And unfortunately, it’s far from the only “smart” device with a laughable approach to security.
Welcome to the wild world of IoT (Internet of Things). These are the “smart” gadgets that talk to each other and connect to the internet—everything from baby monitors and fridges to fleet trackers and medical wearables. We love them for their convenience, but here’s the catch: they’re often woefully insecure.
In this article, we’ll break down the biggest risks, the industries most at stake, and the practical steps you can take to protect your connected devices—at work and at home. Spoiler: it involves more than just changing the Wi-Fi password and hoping for the best.
Why Connected Devices Are a Hacker’s Dream
The thing about connected devices is that they’re often built for speed, price, and convenience—not security. Manufacturers race to get products on the shelves, sometimes skipping over encryption, regular updates, or even the ability to change default login details (yep, “admin/admin” is still a thing in 2025).
This makes them easy prey. Hackers can use a compromised smart light bulb or office camera to gain access to your entire network. Once they’re in, it’s game on: data theft, ransomware, surveillance—you name it.
And it’s not just about dodgy imports or cutting-edge gadgets. Even well-known brands have had vulnerabilities exposed. The ABC’s recent vacuum-hack experiment wasn’t some genius-level operation—it was a researcher using basic tools to gain access through Bluetooth. The device even recorded video and audio. If that doesn’t make you rethink letting your office toaster connect to the cloud, we don’t know what will.
Top Threats Facing Your Connected Devices
Trying to wrap your head around IoT security can feel a lot like decoding a user manual written in Klingon. Between the jargon, the acronyms, and the sheer number of connected devices floating around, it’s no wonder people feel overwhelmed. So, let’s cut through the noise (and the inane tech-speak)—here are the most common (and preventable) ways your connected devices can get you into trouble:
- Default credentials – If you haven’t changed the username and password, someone else might (read: a 12-year-old across the world with their eye on your customers’ sensitive information).
- No firmware updates – Many devices run on outdated software, leaving them open to known exploits.
- Unencrypted data – Your device might be sending info across the web without any protection.
- No visibility – Most organisations (and households) don’t even know what’s connected to their network. (You should read Cloud Security Myths: What’s Really Protecting Your Data for more info.)
- Over-permissioned access – That “smart” speaker might have access to more of your business systems than it should.
What Industries Are Most at Risk in Australia?
While most Aussie homes and businesses now have some kind of connected tech, the stakes are much higher in certain sectors. Here’s how some of Invotec’s key industries are affected:
- Healthcare: From internet-enabled heart monitors to check-in kiosks, the risks include data breaches, ransomware, and even patient harm.
- Education: Schools are full of IoT—think smartboards, tablets, and attendance trackers. Poorly secured devices can expose student data or disrupt systems.
- Construction: GPS-enabled tools, site sensors, and remote access systems are useful—but vulnerable. A cyberattack can delay projects or compromise safety.
- Government: Councils are turning to smart infrastructure—waste management systems, CCTV, even traffic lights. But that connectivity must be locked down.
- Professional services: Firms that allow staff to connect personal smart devices to the work network risk introducing threats they don’t even know exist.
Bottom line? If your industry uses tech (and whose doesn’t?), you’ve got IoT risks.
How To Actually Protect Your Connected Devices
Good news: you don’t need a cybersecurity degree to get your digital house in order. Here’s what we recommend:
- Change the defaults – As soon as you get a new device, change the login credentials. Disable remote access unless you need it.
- Create a separate network – Keep IoT devices on their own VLAN or guest network to isolate them from sensitive systems.
- Stay updated – Enable automatic firmware updates where possible. No one enjoys them, but they plug the holes hackers crawl through.
- Enable MFA – If the app or platform controlling your device offers multi-factor authentication, use it. Always.
- Monitor your network – Know what devices are connected, and track unusual activity. If that fish tank sensor suddenly starts uploading to Belarus—disconnect it.
- Only connect what’s needed – If it doesn’t need to be online 24/7, it shouldn’t be.
- Educate your team – Every staff member should understand that bringing in a personal smart plug could expose the whole organisation.
- Get an IT security assessment – Still don’t know your MAC address from your MQTT protocol? Let the experts save you the headache with a security audit and risk assessment. That way, you know you’re protected.
You don’t need to turn your office into a Faraday cage, but basic cyber hygiene goes a long way.
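To make the "separate network" and "monitor your network" steps concrete, here is an added example (not part of the original article) that audits a Linux `ip neigh` listing against a device inventory and flags unknown devices and IoT devices sitting outside their own segment. The inventory, the 192.168.50.0/24 IoT subnet, the device names and the sample listing are all constructed assumptions.

```python
import ipaddress

# Assumed layout: IoT devices belong on their own VLAN, here 192.168.50.0/24.
IOT_NET = ipaddress.ip_network("192.168.50.0/24")

# Hypothetical inventory: MAC -> (name, is_iot). Constructed sample data.
INVENTORY = {
    "aa:bb:cc:00:00:01": ("reception-laptop", False),
    "aa:bb:cc:00:00:02": ("robot-vacuum", True),
    "aa:bb:cc:00:00:03": ("fish-tank-sensor", True),
}

# Constructed sample in the format printed by `ip neigh` on Linux.
NEIGH = """\
192.168.1.10 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.50.21 dev eth0.50 lladdr aa:bb:cc:00:00:02 STALE
192.168.1.77 dev eth0 lladdr aa:bb:cc:00:00:03 REACHABLE
192.168.1.90 dev eth0 lladdr de:ad:be:ef:00:09 REACHABLE
192.168.1.200 dev eth0  FAILED
"""

def parse_neigh(text):
    """Yield (ip, mac) for entries that carry a link-layer address."""
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" not in parts:
            continue  # FAILED/INCOMPLETE entries have no MAC
        mac = parts[parts.index("lladdr") + 1].lower()
        yield ipaddress.ip_address(parts[0]), mac

def audit(text, inventory=INVENTORY, iot_net=IOT_NET):
    """Return sorted findings: unknown devices and segmentation violations."""
    findings = []
    for ip, mac in parse_neigh(text):
        if mac not in inventory:
            findings.append(("UNKNOWN_DEVICE", str(ip), mac))
            continue
        name, is_iot = inventory[mac]
        if is_iot and ip not in iot_net:
            findings.append(("IOT_OFF_SEGMENT", str(ip), name))
        elif not is_iot and ip in iot_net:
            findings.append(("NON_IOT_ON_IOT_SEGMENT", str(ip), name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(NEIGH):
        print(*finding)
```

MAC addresses can be spoofed or randomised, so treat this as a visibility check that prompts investigation, not as proof of a device's identity.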
What To Look for When Buying New Devices
Just because it plugs in and says “smart” doesn’t mean it’s savvy about security. The reality is, many connected devices are designed with flashy features in mind—voice control, remote access, app integrations—but barely give a second thought to what happens if someone unauthorised gets in.
So, before your next smart speaker, video doorbell, or workplace gadget joins your network, take a few moments to vet it properly. Here’s what to look for:
- Check the brand’s update history – Do they push regular firmware updates? If not, that device could be running with known vulnerabilities for years.
- Look for data control features – Can you disable location tracking, video/audio capture, or limit how much is shared with third parties?
- Choose devices with local control options – Relying entirely on cloud-based services can leave you exposed if the vendor is breached or goes offline.
- Prioritise compliance – Products that align with Australian cybersecurity guidelines (like those on cyber.gov.au) show a commitment to better protection.
A smart gadget that doesn’t support updates or security controls isn’t a smart buy. If the manufacturer doesn’t take your data seriously, neither should you.
Think It Can’t Happen to You? Watch This.
The recent ABC investigation into a hacked robot vacuum wasn’t some fringe case—it was a wake-up call, and it’s worth a watch. In a controlled (and let’s be honest, pretty mild) test, a journalist accessed the device’s camera and microphone remotely, pulling live footage and audio without ever stepping foot inside the building.
Now imagine that was your office boardroom. Or a patient consultation room. Or your kid’s bedroom.
Need Help Locking Things Down?
Invotec helps Aussie businesses take control of their IT infrastructure—from cloud platforms to connected devices. Whether you’re managing a smart office, a secure healthcare facility, or just want peace of mind that your cameras aren’t livestreaming to hackers overseas, we’ve got you covered.
Talk to us today about securing your IoT environment before your connected devices become your biggest liability.