While I have been pointing out the risks of using Smart Devices and adopting the Internet of Things (IoT) over the past year, there has definitely been a gathering recognition among the security industry - and now the news media - about these risks. Certainly, the high-profile outage of Twitter, Spotify, Pinterest, Google and Netflix last week focused attention on the security vulnerabilities within IoT devices. Now people are starting to realize the potentially scary scenarios that are just waiting to happen thanks to the poor security around these devices.
It's great that more people now share my concern, and many are trying to identify solutions. But here are my reasons why many of the devices you've already purchased may always be vulnerable - and you may need to throw them away to stay safe.
TL;DR - Sometimes security people make sweeping statements without considering how they will be interpreted, or their effects on people in different stakeholder groups. We need to stop saying "Security education and studies are a waste of time" when we really mean, "Developers should do a better job of building security into their technologies".
For as many years as I can remember, security professionals have been arguing about whether or not security awareness training has value. Even still, security experts feel that individual users or employees should not be required or counted on to learn about security threats and vulnerabilities. Their rationale seems to be that security technologies should really be able to compensate for vulnerabilities well enough that humans should not need to worry about the risks they face. In fact, Bruce Schneier, one of the most respected security thought leaders, has taken this position more than once. But I'm not sure that making these kinds of statements is helpful to anyone, except perhaps developers of security products.