Unless there's some grand awakening among electronics manufacturers about security, none will have the firewalls or end-user authentication processes that might slow down a bit of smart malware hoping to find its way from the STB to your laptop to swipe your banking info or sign up for duty in a local botnet.
There's plenty of risk right now, but not much of a threat. The vulnerabilities exist, but as far as I know, no one is taking advantage of them.
That won't last long.
For much of the last few years the biggest security threats were aimed at big companies with big piles of secure data that could be stolen. It's more efficient that way, just as it is to rob a bank rather than mug 1,000 people on the street.
Hacking an individual PC or a home network was simply not worth the effort it would take to accomplish it, unless the PC or network then becomes an asset to the hacker -- a set of nodes in a botnet used to distribute the malware further, launch DDoS attacks, or act as a proxy server so that badly executed penetration attempt on the Pentagon looks as if it came from your house rather than a sweatshop filled with out-of-work programmers from the Ukraine.
That changed when it became clear it was more effective to spear-fish for suckers who work for the company you're trying to penetrate than it is to shotgun malware all over the Internet and hope someone with access to useful servers is infected.
It's only a matter of time until your TV will be watching you
The evolution of malware to the point that they can adapt to the random assemblage of hardware and configurations they find in strange environments made the value of attacking individuals even more clear, and automated the process to boot.
Stuxnet descendant Duqu, for example, assembles most of its working parts only after infecting a machine, by phoning home for attack modules appropriate for the environment in which it finds itself.
There's not much doubt someone will eventually take up the challenge of doing something similar to infect home networks by infecting their TVs, STBs or cable routers, possibly by downloading directly onto the device when someone in the house uses the TV to navigate to the wrong web page.
The only questions are, how long will it take before we have to be as worried about the sanctity of our digital entertainment systems as we are about our laptops and smartphones and whether anyone will be making security software to make the hack a little more difficult.
There's one more, kind of obvious question left unanswered, too: Even, if all that happens, knowing there's a risk, an immediate threat and something we can do to defend ourselves against it, how many of us will actually do anything about it?