The book mention that Personal Area Networks are composed of a commlink and/or a deck, with small number of 'devices slaved behind it'. That generally speaking, 'in order to get to a device attached to a PAN, one must first gain access to that PAN' (I read that as devices out on the grid that are protected by a personal area network will use the firewall of the network it is protected by).
In this edition there is actually no mentioning about 'slaving' devices to a host, but it does mention a similar concept to the PAN above in that hosts may have 'devices on the inside' and in order to gain access to 'devices on the inside' you first need to gain access to the host (I read that as devices out on the grid that are protected by a wide area network will use the firewall of the network it is protected by)
There also seem to be a concept of unattended hosts (that only defend with its own Firewall) and hosts that are attended / defended by a spider (that defend with a combination of the mental attributes of the spider and its own Firewall).
It seem plausible that also a device can be considered unattended (in which case it no longer defend with its owners mental attributes) or attended (in which case it defend with its owners mental attributes).
It also seem plausible that a devices can be not 'behind' a commlink and/or deck nor on the 'inside' of a host (not protected by any network and thus does not have a firewall rating to defend with).
And there are also actions that does not require that you are on the inside of the network at all. Actions that work perfectly fine directly with just outside access. This seem to imply that devices 'behind' a PAN as well as devices 'on the inside' of a host are still actually 'on the matrix' and can still be directly spotted or directly targeted by outside access actions (such as Data Spike).
...but due to the wording for hosts it
could also mean that devices 'on the inside' are literally actually 'inside' the host and that you first need to 'enter' the host in order to access the device, that the device is not present on the matrix at all and even outside actions such as data spike cannot be used against the device until you actually enter the host.
If a device, say a gun or car, is slaved, then when I Hack the device I'm really hacking the Master/Network since access is based on Network and not Device.
Whatever level of Access I get, I have that Access level on all devices on the network? Is that right?
Generally speaking, yes. But it depend on what you mean when you type "Hack the device".
You can for example take the Data Spike action on the device directly no matter if it is 'slaved behind' a commlink, 'on the inside' of a host or not part of any network at all.
If the device is part of a 'network' then your action is opposed by Data Processing + Firewall of the network.
If the device is not part of a 'network' then it will not defend at all.
You can use the Brute Force action to gain User access no matter if it is 'slaved behind' a commlink, 'on the inside' of a host or not part of any network at all.
If the device is part of a 'network' then your action is opposed by Willpower of the owner + Firewall of the network.
If the device not part of a 'network' then your action is opposed by just Willpower of the owner.
If the device is part of a 'network' and you already have User access on the network (for whatever reason) then you don't need to take the Brute Force action again. You are already on the inside of the network. You already have User access. You can already take actions that require User access.
If the device in the example above was... an elevator. Then you can take the Control Device action (which require that you have User access) to move it to the 23rd floor.
If the device was part of a 'network' then your action will be opposed by Willpower of the owner + Firewall of the network.
If the device was not part of a 'network' then your action will be opposed by just Willpower of the owner.
Anyway, that is how I read it.
Rules are a bit new to me so I can be mistaken of course :-)