Edit: maybe where I was coming from is not entirely clear, tried specifying it better here: https://news.ycombinator.com/item?id=47255003

========

I can materialize that smell for you, you're indeed more secure because you're behind NAT. Admitting this does not necessarily entail:

- suggesting that it's a good security solution

- suggesting that it's a security solution to begin with

- suggesting that it somehow prevents all avenues of remote exploitation

What it does do is make these stories sound a lot less dramatic. Because no, John Diddler is not going to be able to just hop on and get into your child's smartwatch to spy on them from the comfort of their home on the other side of the world at a whim, unlike these headlines and articles suggest at a glance. Not through the documented exploitation methods alone anyways, unless my skim reading didn't do the paper justice.

Remaining remote exploitation avenues do include however:

- the vendor getting compromised, and through it the devices pulling in a malicious payload, making them compromised (I guess this kinda either did happen or was simulated in the paper, but this is indirect and kind of benign anyways; you implicitly trust the vendor every time you apply a software update since it's closed source)

- the vendor being a massive (criminal?) doofus and just straight up providing a public or semi-public proxy endpoint, with zero or negligent auth, through which you can on-demand enumerate and reach all the devices (this is primarily the avenue I was expecting, as there was a car manufacturer I believe who did exactly this)

- peer to peer networking shenanigans: not sure what's possible there, can't imagine there not being any skeletons in the closet, would have been excited to learn more

List not guaranteed complete. But this is the kinda stuff I'd be expecting when I see these headlines.