It is estimated that by 2020, not so far from now, 20.4 billion smart home devices will be installed. Nearly doubling the number installed this year alone, there are IoT devices heated towards the whole family, from mom, dad, kids, and even pets. With this growing popularity though, security concerns grow as well — ignoring the safety and integrity of these devices enables risk.

McAfee Labs’ Advanced Threat Research team today detailed vulnerabilities in two smart home devices that could cause grief for users: a smart padlock and an internet-connected coffee maker.

The first device, called BoxLock, first made an appearance on the show Shark Tank and is designed to be set up outside a home to secure a package delivery container.

So-called “porch pirates,” people who steal deliveries from the front of homes, has become a growing problem in the U.S. in the age of home deliveries. The idea is by having a secure container, the delivery person can place the ordered item in the container and then secure it with the BoxLock.

The lock can be opened by via a mobile application or by using the built-in barcode scanner to scan a package that is being delivered. Homeowners can then later unlock the BoxLock to retrieve the delivered item once they return home.

If that all sounds great in theory, the implementation of security in the device was not. The vulnerability lies with the device’s use of Bluetooth Low Energy which can be used to download an app, send one command and open the lock.

The issue isn’t related to BLE itself but the specific implementation used by the vendor. The researchers were able to find a way, using Generic Attributes commands from a smartphone without the BoxLock app installed, to open the device.

The good news is that the BoxLock was responsive when the McAfee researchers approached them, both working with them to rectify the issue and roll out patches to the lock.

mrcoffeeSecond on the list is an internet-connected coffee machine, the Mr. Coffee Smart Coffeemaker enabled with WeMo.

WeMo is an “internet of things” platform from Belkin International Inc. that now finds itself appearing in other devices as well.

The coffeemaker accepts scheduling of coffee brewing via the WeMo app but in doing so does not properly validate requests. What that means is that the third-party with access to the network could schedule coffee-making on demand.

While that may not sound specifically nefarious, the coffeemaker could be forced on without fresh coffee in place potentially causing either burned coffee or in an extreme case even a fire.

Belkin did not respond to the McAfee security researchers but has since issued an update that addressed the issue.

“Most businesses, from Fortune 500s to mom-and-pop shops, will likely deal with a security breach or vulnerability disclosure at some point,” Steve Povolny, head of Advanced Threat Research at McAfee, told SiliconANGLE. “Those who are proactive and very public in addressing the issue have an opportunity to reinforce consumer trust and confidence.”

In the case of vulnerability disclosure, he added, “by engaging with the research team and coordinating on the mitigation and communication of the issue, vendors can set themselves apart in industries that are facing further security scrutiny from customers, shareholders and the general public.”

Getting into the habit of being mindful of IoT devices is essential when bringing them into the home. Routines like checking devices for unwanted connectivity features, updating two-factor authentication settings, and opening up a separate network for guests keep us mindful and protected from the risks. Even the FBI recommends resetting your router once in a while, to avoid VPNFilter malware. Habits as simple as regularly checking for security patch updates can make a huge difference against cyber criminals. As a household, ensuring everyone is on the same page when it comes to cyber safety and IoT connectivity makes for a secure home.

If it’s got an internet connection, it very well may be vulnerable to cyber attack. Do you know how secure your home IoT devices and also You.. are..?