The one possible silver lining is that all the idiotic (of course the world needs web enabled light bulbs!) IoT manufacturers will be embarrassed or forced into 'discovering' basic security.

In the meanwhile though all the script kiddies must feel like they found nirvana.

You're right, and I can see this ending up becoming a major problem that IoT makers failed to envisage. Clearly, it's already an issue, and IoT is only just starting.

It's quite frightening just how easy if is to get involved with the IoT. With Arduino, Raspberry Pi and PC Duino to name but a few, it is becoming increasingly more hobbyist orientated with lots of open-source software and hardware projects out there. In many such cases, security is as good as absent at all stages!

Mack.

Is the hobbyist stuff going to be the problem though? The more powerful hobbyist devices like the Raspberry PI at least get software updates. The whole point of it is to tinker and do your own stuff - each install is going to be different and have different vulnerabilities. Very likely weak in the face of a targeted attack, but probably not to a bot attack.

Hobbyists may not be that security concious, but they are more so than naive end users who are the main buyers of things like network enabled webcams (and fridges, and whatever). These people will never notice that their devices are being used in a DDOX. The manufacturers do not care because most of their customers are not even going to notice that their devices are being used in a DDOS.