(Please see my updated answer)
TL;DR: As a GM, I would call that the Technomancer is right, and the GM should rethink hacking devices slaved to hosts. If a device is wireless, you can hack it like normal, using the host's rating as a firewall (unless you have DNI, and then you just attack it directly). Just like a PAN, devices are still visible to the Matrix even when slaved. Icons in the host are assumed (by me) to be virtual. Look at the Dante's Inferno example if you want to know why I assume so.
I've been searching for prime book examples, but it's hard to find it spelled out. So, below is the research I did, followed by my conclusion.
First, on 216:
wide area network: A set of devices slaved to a host.
This sets what we already know: You can slave a device to a host. I wanna make sure we define what a host is, so on page 219 we find:
Hosts are virtual places you can go in the Matrix. They have no physical location, being made up of the stuff of the Matrix itself.
Simple enough, right? Hosts are servers on the cloud.
I found this bit at the top of 221 interesting:
High-class hosts advertise "No public-grid connections allowed" to show how their clientele are elite.
Alright, so we've established that hosts can block people who are connecting from certain grids.
Page 224 has an example of attacking a host, but using a DNI and connecting directly to an offending unit. But they do say this:
He ignores the bank's firewalls surrounding the lock, attacking the lock through his direct link.
This tells me he has the option of hacking the lock using the Matrix, but he'd have to go against the firewall. Instead, he's using a DNI, so no firewall. And he's not even on the host yet. Key piece of data there, but let's read on to see what else we can find.
I found a bunch more relating to the effects of attacking hosts, but that's not needed. Hmm, what else.
Ah, on page 233:
There are risks to slaving devices. Because of the tight connections between the devices, if you get a mark on a slave you also get a mark on the master. This happens even if the slave was marked through a direct connection, so be careful about who you give your slaved devices to. This doesn’t work both ways; if you fail a Sleaze action against a slaved device, only the device’s owner gets the mark on you, not the master too.
There are also wide area networks, or WANs, with multiple devices slaved to a host. A host can have a practically unlimited number of devices slaved to it, but because of the direct connection hack you rarely see more devices than can be protected physically. If you are in a host that has a WAN, you are considered directly connected to all devices in the WAN.
So, we've established that devices can be slaved to a host via a WAN. Alright. And it looks like you CAN attack a device without being on the WAN, as per the example, but you'd have to go through the host's firewall. Alright. And if you get a hit, you get a hit on the host, of course. Let's keep going just in case, but right now it's looking like the GM might need to rethink the rules. But, let's read on, I know there's more:
Page 236 gives us:
If you can show a device or host or whatever that you have the right mark, you can go where you want to go.
And later:
There are three ways to get a mark on an icon. The first is the legitimate way: the icon invites you to add a mark. For example, when you pay the cover to get into the host of Dante's Inferno, the host sends you an invite to mark it so you can enter and join the party. The other two ways are by hacking, both Matrix actions: Brute Force (the loud way) or Hack on the Fly (the sneaky way).
So accessing the host requires that you have a mark. But the previous example implies, to me, that you didn't have to have access to the host to hack the maglock. So far it all seems in line.
Page 239 has the Enter/Exit Host action, which requires a mark on the host. So, you'd have to be able to hack the host before you can get inside. And since slaved devices are hackable points, that tells me, still, you don't have to be on the host to hack the devices.
Page 246 says:
Each host is on a specific grid. Like the rest of the Matrix, a host can be accessed from any grid.
So, there's that. I guess hosts can ban people from a certain grid, but you can still hack into it from the public grid. You just won't be invited. But wait! I found a section about icons being drawn into the host!
Page 246 also said:
The virtual space inside a host is separate from the outside grid. When you’re outside of a host, you can’t interact directly with icons inside it, although you can still send messages, make commcalls, and that sort of thing. Once you’re inside, you can see and interact with icons inside the host, but not outside (with the same caveat for messages, calls, etc.).
The thing I want to point out is that there's no mentioning of hosts being able to put their slaved device icons internal, because these are physical devices and they're just being slaved. So, if the device is wireless, then you can hack it. If it isn't, you need a DNI or access to the host.
Best Answer
Invited marks are recorded. The Matrix chapter details how an invitation includes a duration, and if you log off and return to the Matrix before the duration expires, you are automatically extended a new invitation to mark that host until the duration is up. Presumably, a spider or HR manager can view and edit the list of invited marks, to remove invitations from people who have resigned or been terminated so that they can't continue to access their former employer's host. The Patrol IC program is specifically shown in one of the hacking examples to go around examining personas inside the host to make sure they're supposed to be there, and it mentions the decker in that scenario hoping the spider isn't around to make his own Matrix Perception checks.
A successful Matrix Perception test can identify a unique persona. Should a Patrol IC or a valid user (maybe someone that says "Hey, I don't recognize that icon..." or a watchful spider on patrol) identify a persona that doesn't belong on that host, it's safe to assume they'll set off an alarm. In a corporate environment, the ordinary users probably just notify the spider, giving you a bit more time before the heat really comes down (the spider needs to verify the problem before deploying the IC that can shut down production). In a more public environment - like a club - ordinary users probably have no clue who is and isn't allowed in, and thus only the spider (if there is one) and Patrol IC (if they're there) are likely to spot you.
Running silent is a double-edged sword. It allows you to actively resist being scanned by Matrix Perception tests, but if you're found running silent on most hosts, they'll automatically assume you're not there legally. Hard choices all around.
On a final note, this is one of the few places where a Technomancer truly shines over a decker. Using the Puppeteer Complex Form, the Technomancer can cause a device to use the Invite Mark action (marks: 3; duration: unlimited). Assuming invited marks from slaved devices also give marks on their masters (the way hacked marks do), you can get onto a host's list of invites that way. (That part is really subject to GM interpretation, though, I'm afraid.)