You have WiFi all around your house, and because you are security-conscious, you have activated some kind of WiFi security that requires a password. Great.
Now you go out and buy some cool internet-enabled Things, like lightbulbs, garage door openers, sprinklers, a scale and so forth. And because you are still security-conscious, of course you set them up with WiFi security. Can’t have the neighbors spying on your weight loss program, can we?
Except that now all of a sudden, each on of those Things has your WiFi password. In cleartext. (It has to have access to it in cleartext, otherwise it couldn’t connect to your WiFi.) Some of those things will break (like lightbulbs), and you will throw them away or recycle them. Some of them will be outside of your house, in your backyard, with no physical security.
Unlike your computer, laptop and cell phone, which are expensive and you keep track of really well, there are many of those Things, and many of them are really cheap.
Each one is a great way for somebody to get access to your WiFi password.
Now you might ask: who would go through the trouble? Well, if all you do is watch Netflix over WiFi, indeed. But what if you are a small business? Work on an important and highly confidential project from home for some major company? Or a journalist with a great scoop?
As T.Rob and I were speculating before, we will need to separate the network for Things and other things sooner or later. I don’t see what else can be done. Ask your favorite IoT vendor about this. If they haven’t thought about this scenario, perhaps you need to take their security claims a little less serious.