The real problem is that these devices aren't secure by default, so no, the user doesn't deserve the blame, but we still have a shambling hoard of zombie doorbells because people bought them at Home Depot and didn't know they needed to lock them down.
Lookit me. I just found an Internet doorbell. And, because I'm a smart and savvy and CLEARLY NOT INCOMPETENT consumer, I read Cnet. So how do I, CLEARLY NOT INCOMPETENT consumer, protect myself from hacks? Fucking firmware update. So for two years, my shambling zombie doorbell has been sitting there, completely hackable, until a professional pentest firm decided to make headlines. And now, in order to lock it down, I have to open it up to the Internet to download a firmware update. Of course, someone would have to physically go and touch the lock to do this but hey - apparently there's big gaping holes in ZWave too. And how do you fix that? Firmware update. The real problem is the IT community is perfectly happy to level the blame at users anyway. The difference between a Zwave vulnerability and a Heartbleed vulnerability is what, exactly? And what did TechCrunch have to say about Heartbleed? Oh my god the sky is fucking falling. So let's review - if it happens on a server IT is responsible for, it's a fucking calamity but if it happens on a device the user owns, it's their own fucking fault.The real problem is that these devices aren't secure by default, so no, the user doesn't deserve the blame,