I keep reading about how IoT / wearables / smart home devices are routinely both vulnerable and exploited, if they don't even come with malware preinstalled, so I was curious to finally go through a primary source like this.
After skimming through the attacks performed in this research, and checking every mention of the word "internet", all I got was a section with a hypothetical scenario where the watch has a publicly reachable IPv4 address. Suffice to say, that is really quite unlikely, certainly in my experience at least.
It did also talk about bundled malware, so I guess that's bad enough, but is all IoT research like this? Always sounded to me like you kinda need to already have a foot in the door for these, and this paper didn't dispel that notion for me at all.
"You're safe as long as every device on the network you're on is safe" isn't safe.
In theory I should be able to take a modern browser/device over a completely compromised router and either be safe, or have my device tell me "holy shit, something is wrong".
The days of local trust should be long gone by now.
> a hypothetical scenario where the watch has a publicly reachable IPv4 address
Or one of your other IoT / smart home devices / malware on your PC is doing local network reconnaissance? Connecting this device to a public wifi? Or just a bad neighbour who hijacks your SSID? This smells of "I'm secure because I'm behind a NAT" which conveniently ignores the couple dozen other paths an adversary could take.
The source site/paper won't load for me at this time, but if the device has a cellular modem in it for network connectivity, it will 100% be assigned an IPv4 address from the carrier, unless this device is using an APN at the carrier level, or is using a SIM provider that provides some additional security.
> the watch has a publicly reachable IPv4 address
Attacker reachable, presumably? Like from a hacked cable modem or wifi router?
> Suffice to say, that is really quite unlikely, certainly in my experience at least.
Why is that? Are the cellular carriers blocking access?
Many of the great hacks have involved breaking through 2 layers of supposed security. You break into the 3D printer, which lets you send packets on the local network. Then you use that to break into the exercise bike, which has a camera because it's based on a generic tablet.
Either vendor might see the flaw as low-severity. So what if someone can send packets? So what if someone already on the local network can hack the camera? But combine them and you're pwned.