Most "smart" devices out there need to be called "smartly dumb" devices. No kidding. DrFrag said it all.
The least malicious will do what they are supposed to do without being pirated, until the vendor closes the server because it doesn't bring in enough money anymore. The most malicious will spy on you for the sole purpose of making more money by selling your data to anyone wanting to give them some money. But most of them will do many things we can already do, but from your couch, and at the price of some random pirate being able to do the same thing. This often happens because developers spend a few hours developing a quick interface that they don't care to secure at a decent level. Today, there are free libraries which make it possible to minimally secure anything (TLS for example, at the base of the HTTPS protocol); using only this kind of library isn't enough, but it will make things a lot more difficult for would-be pirates just by preventing them from seeing the messages sent by the device. A little more effort would raise the bar significantly higher again (secure logins, anyone?). But it requires a few hours that vendors aren't willing to pay for.