I have not ever hacked into an IoT device, however, my understanding is that these type of connectivity-enabled devices are seldom well secured with strong passwords and network security.

Internet is never fully secured. So you need good security, don't go on public internet.

A great source of information around the threats of IoT vulnerabilties is the IoTSF https://www.iotsecurityfoundation.org/  - see the Publications and Resources tabs, particularly the Conference videos.  For an in-depth explanation of the challenges of securing Home IoT devices and ecosystems see Dr Nick Allott's video and the Many Secured Gateway Whitepaper at https://manysecured.net/ , which is an InnovateUK project with nquiring minds, IoTSF, Cisco and the Oxford University.  I believe that there may be an IoTSF limited membership deal that if you are able to contribute specialist knowledge to the Many Secured Gateway Special Interest Group (MS SIG) then you can you can join the SIG at no charge until Feb 2022 (it does not give you full Membership benefits, but check what the deal involves).


The DCMS Codes of Practice (or at least the most important three) are in the regulatory process at present and should become law later in 2021 (tbc). https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/773867/Code_of_Practice_for_Consumer_IoT_Security_October_2018.pdf  and https://www.gov.uk/government/collections/secure-by-design.