Today's IoT Devices are not secure enough. IoT device connected with medical equipment, connected with smart miter, connected with human body so it can be track on the air/on the wire.
Next get attack can be more sophisticated because it may penetrate IoT devices on the air/on the wire..This advanced IoT device should use some encryption while transferring data on the air/on the wire. Similar fashion VPN did.
Let's be honest, IoT device implementations are not secure enough. Most device RTOSs have security features like TLS available, and items like the removal of default credentials are still required (unless you are in California!) The scary thing about IoT is numbers, the same basic hygiene as applies to any other system will go a HUGE way in protecting them, and the systems to which they are connected. More advanced solutions can use more advanced features, but they come down to same basic ideas. Don't expose services you don't need, and authenticate/authorize all communications. Beyond that you are mostly looking at lifecycle management and ease of operations.
I am going to pick up this theme again, despite it being some ago. A recent IEEE Spectrum set of experiments on various devices has proven that many devices, including toys and drones are vulnerable.
At which point, do we demand, that all IoT devices are made secure from the outset - we did this internationally with electrical standards - so why not these too?
Regards
Caute_cautim