Re: Why does this stuff need to update ?
Maybe security should be designed, not into the IoT thingamabobs, but into the router/switch/hardware that talks to them. Let me clarify : a light bulb may be able to talk over the Internet, but only if there is hardware from an ISP connecting the household to the Internet. Yes, I know about the WiFi Ethernet attempts. One thing at a time.
If IoT can only work with a hardware portal to the Internet, then it is those things that can handle the security.
No no no no no no no no no no no no no! NO!!
Might as well not bother. We all know full well how (in)secure most routers are, and that only seems to be getting worse not better.
The only way to do security is design it in from the ground up. That requires protocols for shared interaction, time taken to research, develop and do things properly. Dare I say it even committees and working groups (argh!).
But no, have to rush to market with some pointless IoT-connected leaf mulcher just to beat the other guy who is also making a pointless IoT-connected leaf mulcher. Security by assumption someone else will deal with it higher up the chain is not security.
You might be happy enough for anyone to be able to turn on your lights and sky-rocket your electricity bill because you were reliant on your router to not let them into your IoT network. I doubt many other people would be so pleased.