Reply to post: Re: How are these devices accessed from the internet though?

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

sisk

Re: How are these devices accessed from the internet though?

UPNP is convenient. There's no denying that, and I suspect it's been a godsend for the average user. But for me, and I suspect for around 75-90% of El Reg readers, the benefits it offers are outweighed by the security risks inherent in it, because what it does is not all that difficult to manage better manually. Instead of half a dozen devices opening who knows how many holes in your firewall to talk to the outside world, we can open just one port connected to a hardened web server that provides the control interface for our IoT devices (or, better yet, if you have a router that supports it - not all consumer-grade ones do - set up a DMZ). Such a task should be well within the capabilities of anyone who works in IT and completely negates the need for UPNP. Then you can turn off UPNP on your router and thus greatly improve your network security.

That's pretty much the route I've taken with my IoT devices, but then both my current IoT devices (a smart power strip, which is also the above-mentioned hardened web server because it was my first IoT device so it made sense to have it run its own control server, and a much-fancier-than-strictly-necessary alarm clock) were hand-built around small SBCs, so they were built from the ground up for that sort of control. I also don't have any game consoles or the like to worry about (or, more accurately, they haven't been plugged in for so long that I'm seriously considering just selling them).
