Devices on the local network have significant access to everything else on that network.
If you install a device which has some security problem in it which allows remote access, that device can then be used to attack other devices from inside the network, bypassing the router / gateway / firewall or whatever is installed.
Mitigated by connecting all the IOT crap into it's own network partition, but most home users won't know what that is or how to set it up.
No, because such access would require a known security vulnerability on the PicoW or whatever it was running.
Most of the security problems are with consumer grade devices such as smart TVs, thermostats, smart plugs and so on.
Some random examples:
Learn the top 10 vulnerabilities leaving your IoT devices exposed to attack, plus PKI management solutions for each of these problems.
venafi.com
Millions of security cameras and other internet of things (IoT) devices were found with critical security flaws involving peer-to-peer (P2P) communications technology. The weaknesses can expose the devices to credential theft, eavesdropping, and hijacking.
www.trendmicro.com
A new vulnerability targets Thales, a leading maker of IoT components. Learn how the X-Force Red team identified the security flaw and best practices for addressing the risk.
securityintelligence.com
When such problems are found, devices can be updated to fix them. However vast numbers of consumer devices won't be updated because the manufacturer either decides not to support the product any more or there is no update option.
Windows 98 and other DOS based Windows are no longer a problem, because no one uses them any more. That entire product line was made obsolete over 20 years ago. DOS and the Windows which ran on it are dead.
They were single user operating systems where everything ran as the admin / root user and had basically no security of any kind. Designed long before individual internet access was considered.
