Since IoT device only contained limited free space and memory and therefore it is hard to install the defense solution. A concern of the intellectual property right and therefore vendor do not want to disclose the firmware of their products. So it lack of knowledge let 3rd party vendor developer value-add defense solution. IoT looks like a ant in cyber world. In certain point of view, they are nothing in your point of view. However careless mistake especially do not change the default admin password could took the IoT join to criminal cyber army task force. Perhaps some IoT devices do not have instruction for end user how to modify the password. As time goes by they are a potentail dark force.
The following are important steps you should consider to make your Internet of Things secure.
1. Choose the appropriate product – conside the IoT products which can change the default password.
2. Ensure you have up-to-date software install in your IoT device.
3. Consider whether continuous connectivity to the Internet is needed.
Below article is the analytic document issuded by FBI for your perusal.
Subject: Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities