Where's the pain-free device with open source, easily upgradeable firmware, that puts all of our IoT devices in their own private network but lets us tunnel through to them? It needs to be easy enough that our (grand)parents could pick one up on Amazon, Best Buy, or Home Depot and plug in and go...
If these are connected by cellular, they are given a private network that does not connect to the public internet and are inaccessible from the public internet unless the app provider explicitly chooses to do so.
Most better home routers can restrict devices connecting to the internet (either through the firewall or more comfortably configured through family filters) and offer VPNs to the internal network?
It's called PLAN (short for physical LAN). It doesn't need a managed switch, like VLAN, because you just use one switch for each network. Careful: Don't connect them.
Found this when googling the strange '7ujMko0admin' password in Mirai: http://www.cam-it.org/index.php?topic=9396.0 So it looks like the Chinese manufacturer that they target is Dahua.
Until Web Bluetooth opens those devices to exploitation from internet websites. It would be best if Bluetooth remained isolated from web browsers, but the powers that be want websites to be able to talk to them.
A good initial step is not to have a default password. There was a time when all routers came with a default password and people were told to change it. They didn't. Now most new routers come with a randomly generated unique password printed on a sticker under the router. IoT devices should follow the same practice.