With the explosive growth of the Internet of Things (IoT), both spies and hackers are feasting on a new universe of poorly secured technology.

Recode quotes a top spy from the US National Security Agency who spoke with surprising candor about IoT’s security vulnerabilities. These vulnerabilities stem from the increasing complexity of the technology which, for cyberspooks like the NSA, offers a goldmine of eavesdropping potential.

“As my job is to penetrate other people’s networks, complexity is my friend,” said NSA deputy director Richard Ledgett at a Washington conference.

He added that the connected nature of these new IoT devices allow both spies and hackers a wireless window of opportunity. Indeed, hacking of connected technology is expected to send the IoT security market into overdrive in the coming years.

“The first time you update the software, you introduce vulnerabilities — or variables, rather,” Ledgett said. “It’s a good place to be in a penetration point of view.”

IoT offering spies more back doors?

And there is growing evidence that network penetration by intelligence agencies and cyber criminals alike is becoming easier thanks to the dramatic increase in IoT devices globally.

A Hewlett-Packard study from 2014 found that many IoT devices were shipped from the factory with low security passwords.  As well, a Veracode report from last year discovered many basic security weaknesses in such devices as hubs for home IoT networks and even garage door openers.

Ledgett even admitted that the NSA is researching potential security exploits in such biomedical equipment as pacemakers, as another “tool in the toolbox.”

In his unusually frank speech for an upper echelon NSA representative, Ledgett said that the agency finds it easier to track terrorism suspects or foreign spooks through other avenues of surveillance.

Meanwhile, others in the American intelligence community have broken silence about IoT’s as potential wellspring of actionable intelligence for both friendly and enemy spy agencies.

James Clapper, director of US national intelligence, said at a Senate hearing this year that foreign spy agencies may be specifically targeting IoT devices. They may be using the connected technology for eavesdropping, surveillance, recruiting moles or gaining network access.

So beware, your connected coffee pot may be spilling the beans to spooks with every steaming cup.