Impossible? Not really. Of course, there are some small problems that might appear.
BITDEFENDER has released a report about 4 well-known IoT devices (a WeMo Switch, a Lifx Bulb, a LinkHub and a MUZO Cobblestone Wi-Fi Audio). The findings shouldn’t be new to anyone, but are quite interesting. The full report can be found here: https://labs.bitdefender.com/2016/03/iot-hacking-report-confirms-privacy-is-dead/
According to http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html, some DVRs manufactured by TVT (and we suspect other IP-enabled devices too) are susceptible to a RCE (Remote-Code-Execution) attack. In computer security, arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. It is commonly used in arbitrary code execution vulnerability
A very interesting article to read upon regarding malicious Office documents received by e-mail. The full story here: https://isc.sans.edu/diary/Analyze+of+a+malicious+Word+document+with+an+embedded+payload/20377
What is a waf? A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. Any example? ModSecurity is an open
DNS is one of those things that usually work everywhere, anywhere, even if there’s a firewall or a security solution in place. An interesting article to read about this can be found here: https://community.infoblox.com/t5/Community-Blog/DNS-Data-Exfiltration-How-it-works/ba-p/3664#.VkT62sOQS1o.linkedin