This should provide some fuel to the "Internet of Things hacking will bring the world to its knees" people. The vast majority of these devices have no meaningful patching policy. Default username/password is one thing but there are many other vulnerabilities.
My prediction is "Internet of Things" will begin to transition into "Local Network of Things (Accessible via VPN or Gateway)" for this exact reason. It'll still appear as "Internet of Things" to most end users though.
Something with a higher bar of quality than the typical consumer electronics you pick up in the bargain bin at Newegg/Amazon/Wal-Mart.
I think it's within the realm of possibility for consumers to install routers/gateways that are competently engineered. It's flat out impossible to ensure every IOT device a consumer owns has even the most basic security principles covered.
If a home has a desktop or media PC, it could potentially run a router/gateway VM on platforms like Qubes, Genode, etc. The router VM would be isolated from desktop/media VMs, and would have the benefit of running a BSD/Linux x86 OS that has automated updates. New wifi standards can be supported by upgrading a USB or PCI WiFi adapter, rather than buying a new router.
