Were you mischievous in school? Did you look at each item in the classroom and wonder, "How can I make that backfire on teacher?" Then your industry needs YOU! If you've ever caused a denial of (classroom) service by applying vaseline to a doorknob, swapped the signs on the gents and ladies loos, or filled in a classmate's name on a blank detention slip, then you can also sniff your local network for unauthenticated protocols, exploit IDN for fun and profit, and reverse engineer your (friend's) bank card. If you can send an SMS which says "Hello" to a mobile phone, what ELSE can you send? Can you really play tetris on the next towerblock along by ... persuading their power control systems? The engineers never believed THAT would be connected to the internet, so why does it need a password. Go and google for "default password" right now. If you're really brave, or living in a jurisdiction where it's legal, go and google for "default atm password".
So yes, perhaps it's better to stick to playing with devices you own and "control" - another debate which those of us with a security mindset have been following fairly closely, and a topic for another post. Neither of us is a lawyer, but a basic grounding in what is legal in your jurisdiction is essential. And if you think any of the above suggestions is a joke, ask me privately. Naturally, I do not, nor have I ever done anything suggested above. Except the vaseline on the doorknob, that was funny.