Andrew Tierney was in high school when people were just starting to get internet at their homes. But he was already "online"—as much as anyone could be at the time. In his spare time, he used to connect to BBSs, short for Bulletin Board System, the precursors to online forums.
So when he saw that his high school's heating system had a label with a phone number on it, he figured that, maybe, he could connect to it. As it turns out, he could.
After hours of trial and error, he figured out that the heating system's makers did not put any authentication or security protocols in place. So just with that number, and some fiddling, anyone could control the system remotely. Essentially, he hacked it.
Years later, Tierney and his colleagues created the first-ever proof-of-concept for a smart thermostat ransomware, proving that Tierney has a special relationship to internet-connected gizmos.