[bitmapbrother]

If IoT is a messy problem and Android is the device most at risk depending on the age, manufacturer and carrier of the device then where are all of the Android based IoT attacks? Android has been around for 10 years and nothing has materialized. What ever happened to the supposed armageddon like the one predicted by the technology blog pundits when Stagefright was revealed? The fact is that not 1 Stagefright exploit has ever been seen in the wild by Google's SafetyNet telemetry system. And even if an exploit does manage to bypass the Android security mitigations in place the diversity of the ecosystem makes it so that an exploit for one device isn't going to work on a device from another OEM.

The real source of all of these IoT attacks are linux based IoT devices that have been compromised by users not changing the default login credentials or attackers using one the many Linux exploits available. And I won't even get into the never ending damage inflicted by Windows. That's what you should really be worried about.

Here's a video of how Google plans to secure their Android Things IoT devices. If another company has a better plan than what they presented at I/O 2017, short of unplugging it from the Internet, then I'm not aware of it.

https://www.youtube.com/watch?v=U4QBI4PJj8Y