In this medium-technical talk I will be exploring some real-world failures of security in IoT devices. In each case the focus will be less on the vulnerabilities themselves, and more on the principles that were broken and the wider classes of weaknesses that can be introduced as a result. I'll also talk about not just the ways in which each individual vuln could be patched, but also the greater lessons that should be taken away from each situation in order to prevent their recurrence.