The current generation of IoT devices have mostly neglected security. Some of the reasons are:
1. No immediate cost, or penalty for weak or no security: A device manufacturer does not have any reason to make the device secure as there is no penalty to the manufacturer. On the other hand, Smart meter hacks can result in direct losses to the utility and are hence being made secure. A typical example (see references) is the situation where Tripwire contacted an IP camera manufacture and got a standard dismissal.