Re: Is patching even a good idea?
Patching is a great idea, when it's done right. But usually it's done with the same forethought that went into creating the software in the first place. I.e., none.
A while back, an anonymous researcher used the IoT to map out all of the corners of the Internet. At that time, I and everybody else paying attention, realized that all of these IoT devices would make a hell of a botnet, or mining net, or whatever else you wanted. And now we have Akami being nailed until they screamed.
What can be done now? Shut down service to the people with the unsecured IoT devices. Unfortunately, that takes effort at the ISP level, and there's not much chance of them doing anything without legal penalties being implemented. And that takes time.
There is no good solution that doesn't involve effort. People are going to buy these cameras, point them at the baby, open a port in their home router, and tell Grandma to have a look. No manufacturer is going to put time into securing a $20 device, even if it can be easily hacked to DDOS world+dog.
There's no penalty for bad security.