Similar setup. Two IP cameras, one wired with PoE and one WiFi. Both connect to my NAS via their own network that has no direct access to the WAN but can be accessed from the LAN or via VPN. I guess there could be some level of attack surface if someone is dedicated enough to gain access to my "normal" network (the one for PCs and stuff that access the WAN) and through this, gain access to the cameras.
But they don't announce themselves to the WAN and despite the fact that I may be naive, I don't think there is any reason I would be an attractive enough target for someone to try to gain roundabout access via a PC or phone on the WAN-enabled network.
Same thing with the Hues. No "cloud" stuff enabled and still work fine in the house where I need them to work.
I guess I like the idea of network-accessible devices (at least ones that make sense to control or access via the network) but there isn't much that I want accessing the WAN compared to the items that have the ability baked in.
I've annoyed several friends by pleading with them not to buy those "just connect to your wifi and view on our iPhone app!" cameras because I've seen how easy it is to find and exploit these via Shodan and friends. Most people don't ever even open the web interface to set up a password since it clearly shows up on the phone app and "it's just so easy!"
If the IoT devices are on your same subnet they could easily be scanned and compromised by any compromised device with Internet access. This stuff is bundled up in toolkits that require little to no interaction by your attacker.