Security researcher here: Theoretically? No. Practically, absolutely.

If there’s a device out there connected to the internet, it likely has some services running on it, and due to the complexity of software development/networking/much more, no one person knows everything a device is doing. This is where criminal hackers come into play, by applying common research techniques as well as reverse engineering skills, they are able to develop exploits that take advantage of flaws in software and services.

The general rule in security is that “everything can be hacked”*, but the defensive idea is to make it so time consuming and not worthwhile for criminals to try and attack. No one wants to spend 2k hours trying to make your smart fridge warm(Well, at least most criminal hackers, I’d like to imagine(though I’m sure there’s a few out there!)).