Well if the employees manufacturing the guns take payments from criminals to alter the guns in some way to help them do bad things AND the gun company knows it, but ignores it then yes they should.
Given the direction of IoT devices, I hope the generic form (if the employees manufacturing the X take payments from criminals to alter the X in some way to help them do bad things AND the X company knows it, but ignores it then yes they should) of your statement is always true.