I can't believe I am hearing so many "Don't buy it" or "throw it away" comments on the comments section of an IT/Technical new site.
FFS we're supposed to be tech savvy people, but the attitude here seems to be "nope, we will never ever use IoT devices" fingers in ears, I can't here you.
If people took that attitude when motor cars first appeared, we would all still be driving around with a man waving a red flag in front of us.
There is at least 3 prongs of attack here.
1) Improve the DNS system, and add filtering and security measures at ISP level. Boo hoo is ISPs complain, every other industry at some point needs to improve their systems to improve safety. Safety here is digital/online safety.
2) Educate and Legislate so that products released to market at least follow some basic common sense security principles, like encryption for a start.
3) Ensure that IoT devices and firmware updates are rolled up within mandatory product liabilities. In my industry our products are UL864 compliant in the states, and EN54 in the EU/UK. We must ensure that spare parts are available for 10 years after we cease production of a product line, and that includes our software updates.
Granted, none of this is easy, but it's what we must do.
In principle there is nothing wrong with IoT. Some devices seem plain ridiculous, but there are a lot of areas that IoT is useful, so rather than just trashing it and throwing the whole idea in the bin, maybe as an industry we should be working to improve the situation?