(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured] ;
(b)the access he intends to secure [F2, or to enable to be secured,] is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.
The access was definitely unauthorised (b), and he knew it (c). So the question is whether IoT targets count as computers, for the purposes of the act, got (a) to apply
Re: Criminal offence
Unauthorised access to computer material.
(1)A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured] ;
(b)the access he intends to secure [F2, or to enable to be secured,] is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.
The access was definitely unauthorised (b), and he knew it (c). So the question is whether IoT targets count as computers, for the purposes of the act, got (a) to apply