Saw this on Boing Boing, thanks again to Cory. Junade Ali at CloudFlare catalogs a few practices implementing IoT devices that contribute to the overall poor state of security. Importantly, there are recommend alternatives that maintain or improve security. We clearly need more of this, alongside existing resources like the OWASP security guide, both for manufacturers and for expert users to effectively hole them to account.
From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can be considered IoT-enabled when the functionality offered by its Embedded System is exposed through an internet connected API. Internet-of-Things technologies inherit many attack vectors that appear
Source: IoT Security Anti-Patterns