I agree that regulating this will just cause security theater. However, it's also unreasonable to expect non-technical consumers to understand what's going on and what the implications of their choices might be for any given IoT device. Many probably would have a hard time deciding what devices are even IoT. Maybe this is a gap that could instead be filled by a consumer review product service that focuses on IoT devices and their security. I expect that the general public didn't care enough though to make this viable. Maybe once more toys got compromised...
Edit: I also wonder if stronger punishments for people involved in extreme cases like this would help. If you make a reasonable effort to secure your service and get hacked anyway that's one thing. But not even attempting to secure your service at all is something you shouldn't get away with. Of course the problem is how "reasonable effort" would be interpreted legally.
Edit: I also wonder if stronger punishments for people involved in extreme cases like this would help. If you make a reasonable effort to secure your service and get hacked anyway that's one thing. But not even attempting to secure your service at all is something you shouldn't get away with. Of course the problem is how "reasonable effort" would be interpreted legally.