Many of today's attacks against consumer IoT devices have been largely conducted by researchers with the goal of bettering the state of IoT security. These attacks often gain wide attention, and many times result in changes to the security posture of the device being tested. Conducted responsibly, this type of white hat and gray hat testing is valuable because it helps manufacturers address and fix vulnerabilities before widespread exploitation is achieved by those with less benevolent motives.
It is generally bittersweet news for manufacturers, however. Many manufacturers struggle with how to properly respond to vulnerabilities reported by security researchers. Some organizations actively enlist the aid of the research community, and some organizations operate their own bug bounty programs for which security professionals are encouraged to find and...