Aside another aspect is how to make the home impossible to live in case someone illegally occupy it (here, France, but essentially all south Europe is a relatively new but spread thing) while you are on vacation to be quicker than local authorities. Another one is avoiding connecting too much black boxes to their OEM homes.
Another final aspect is mere reliability, as a small anecdote: a neighbor due to some unknown issue have had roller shutters locked down because they have ONLY a wireless remote with a kind of ESP32 inside, all proprietary, no emergency manual opening, no access to the motor to power it directly or detach the break manually on the shutters. My home while "a bit smart" have a far little attack surface in that regard. For instance just to have central/remote lights control I've chosen a set of ShellyPro 4PM (the least expensive option of that kind I was able to find) witch operate remotely (LAN only, via HA or directly logging on the device, extended via wireguard) but i can also operate via classic mechanical switches and internally the Shelly are "dumb classic switch" + extras so if their fw crash from the physical buttons (not the one on the devices, but their normally open contacts) they still operate. For the car charger I'm obliged to go wifi (I find exactly no one domestic charging station with wired connections for control) but it's a dedicated WLAN (a small GL.iNet "stamp" size on the back of the charger, wired to a dedicated port of my homeserver on a completely separated LAN without internet access and the charger itself is MQTT/ModBUS-bridged to its local, internet-less controller/server for p.v. integration.
I can't do nothing for my car and well... Sometimes it's "app-service" to remote control A/C etc get connected to someone else car in another country and yes, I can monitor it and act on it when this happen (few times per years so far). No special hacking needed. No response from the vendor (MG/SAIC)... And for cars some demoed serious remote vulnerabilities able to physically make a car crash while running.
All those might be very rare events, but their seriousness it's relevant enough for me to avoid them as much as possible.
Aside another aspect is how to make the home impossible to live in case someone illegally occupy it (here, France, but essentially all south Europe is a relatively new but spread thing) while you are on vacation to be quicker than local authorities. Another one is avoiding connecting too much black boxes to their OEM homes.
Another final aspect is mere reliability, as a small anecdote: a neighbor due to some unknown issue have had roller shutters locked down because they have ONLY a wireless remote with a kind of ESP32 inside, all proprietary, no emergency manual opening, no access to the motor to power it directly or detach the break manually on the shutters. My home while "a bit smart" have a far little attack surface in that regard. For instance just to have central/remote lights control I've chosen a set of ShellyPro 4PM (the least expensive option of that kind I was able to find) witch operate remotely (LAN only, via HA or directly logging on the device, extended via wireguard) but i can also operate via classic mechanical switches and internally the Shelly are "dumb classic switch" + extras so if their fw crash from the physical buttons (not the one on the devices, but their normally open contacts) they still operate. For the car charger I'm obliged to go wifi (I find exactly no one domestic charging station with wired connections for control) but it's a dedicated WLAN (a small GL.iNet "stamp" size on the back of the charger, wired to a dedicated port of my homeserver on a completely separated LAN without internet access and the charger itself is MQTT/ModBUS-bridged to its local, internet-less controller/server for p.v. integration.
I can't do nothing for my car and well... Sometimes it's "app-service" to remote control A/C etc get connected to someone else car in another country and yes, I can monitor it and act on it when this happen (few times per years so far). No special hacking needed. No response from the vendor (MG/SAIC)... And for cars some demoed serious remote vulnerabilities able to physically make a car crash while running.
All those might be very rare events, but their seriousness it's relevant enough for me to avoid them as much as possible.