As this Mirai botnet infographic on the recent DDOS attacks explains, IOT product designers often forget about IT Security 101. There needs to be a specific phase in the IOT product development life cycle focused on security.
Also, the product reviews always need to have sections on IT security. This IT security review should focus on
- Open ports : Which ports are open? Do they need to be open? Is there adequate security?
- Default passwords: Are there simple easy to hack default passwords? Do you force the user to change the passwords frequently?
- Code: Does the source code have any risks? Are there documented risks in the plugins or software you use?
In short, designing for IOT products need not be different than any other IT product. In fact, due to the connected nature of IOT products, you need even more security.