These concerns are not new. You can find articles going back 10+ years talking about the poor security of Internet-connected home automation devices. It’s only been in the past couple of years that the BOM for these has become so cheap that suppliers can mint these devices by the truckload for pennies.
This is not a dumpster fire (god, I am so sick of this analogy). It’s more like one of those underground coal mine fires that burns for decades.
Creating cool Internet-connected devices is easy. These days someone even marginally technical with little electronics knowledge or experience can slap together a Wi-Fi connected doohickey that monitors the temperature of their home, sends you a text if you leave a window open, or turns your lights off/on for a tiny cash outlay and some copypasta code. It’s seriously easy, you guys.
What’s hard is security. It’s hard to get right. It’s hard to use. It’s hard to implement. User experience sucks. It costs real time and money. It’s a discipline that very few are truly expert at. Governments, corporations, financial institutions – organizations with millions or billions of dollars spent to ensure proper security are still getting hacked all the time. Do you think some cheapo device with the computing power of a calculator watch built for pennies will be able to do any better?
Remember how everybody used to connect to the Internet without anything like a firewall? Remember how you could take down Windows NT machines remotely by constructing a specially crafted SMB packet? Security is an always evolving thing and almost always takes a back seat to the sexy user-facing stuff.
Not saying it’s right or defensible but it’s unsurprising and typical.