Yup, that sounds about right. In this February 2014 panel interview with IoT security observers Roger Johnston, Joe Klein and Jake Williams, the following key concerns were voiced (this is a summary, and the examples given are mine):
- Loss of privacy - monitoring people in a way that's hard or impossible to detect. Drone-mounted spy cams. Secretly commandeered microphones and cameras on mobile devices. Inadequate protection at the server end, or en route to the server, of the massive amounts of data that are gathered.
- Sabotage - drones being shot down. Sensor motes being ripped out of their housing. GPS trackers being disabled by truckers and taxi drivers. IoT clients can be small - very small. And they can also be deployed remotely over wireless networks, leaving them physically vulnerable.
- Safety - actuators and the devices they control (robots, drones, power turbines) being hacked and made to go berserk, a la Stuxnet.
- Loss of sensitive data - at the client, at the server, and en route between the two. It's big data, meaning there's a lot more of it to be compromised than, for example, with little data.
In general, there's little to no security being built into IoT products and systems today, and there are no credible security standards to build to. The only people speaking up about this are security professionals, whose valid concerns, I expect, are likely to fall mostly on deaf ears or the ears of other security types, until a serious incident or two takes place (just like the way it went with the "traditional" Internet).