The instant an Arduino or Raspberry Pi connects to the web (with a public IP) it is out there for anyone – or anything – to detect.
In our connected devices class, my classmates and I all saw this vulnerability firsthand. After leaving our connected thermostats on for a week, we experienced our devices being scanned and sometimes attacked by machines from across the globe.
I have Phillips Hue at home, so using the nice instructions from ITP Light & Interactivity I was able to connect to my home’s hue setup as a developer. Here is a snapshot of my home’s current setup (collected through a GET request after connected):