
"Doing security properly for these devices is not very expensive compared to scale they are being sold."

Not sure that's true. I did an 18-month stint with a tiny (6 person) hardware startup - most of my time was spent ensuring our devices could auto-update their embedded Linux securely without bricking or losing any of the custom hardware-specific capabilities. It's not an easy trick to pull off (big thanks to the Arch Linux team for all their work that I built on), and there's ongoing cost involved to ensure newly discovered vulnerabilities have a process to be evaluated, patched, tested, and deployed to the fleet of devices.




The high expense is caused in part by the current high volume of vulnerabilities.

Vulnerabilities and updates are inevitable, but the current volume of them is not, by orders of magnitude.

The volume of serious exploits could be reduced dramatically if we started to more seriously apply the principle of least authority (and an important technique and way of thinking about that is capability security -- in fact an important technique to make 'brickless updates' easier to achieve too, I suspect).

I think how to kick-start the industry to actually do that is a difficult problem.


Updates are expensive if you reinvent them from scratch but cheap if you adopt an existing framework.


There aren't any good frameworks for doing so in an embedded space. Traditional Linux package managers aren't really great for this (Nix is the closest to getting it right, but isn't really ready on embedded yet).

Edit: The main objective, of course, being allowing unattended atomic updates with as low a risk of bricking the device as possible. Usually these devices will be updating the whole root filesystem at a time, which is otherwise read-only. Ideally this is also done with as little downtime as possible. There is some work in this space in standardizing a solution, but it isn't really there yet, so it tends to get home-grown for each product.


I got super lucky. Between the design/BOM stage and the actual first manufacturing run, the price of 4 GB microSD cards dropped below the price of 2 GB ones - so I ended up (at the last minute...) with enough space to do a complete system install on a separate partition. Reduced my fears of remote bricking everybody's devices enormously...

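The two comments above describe the same scheme: write the whole root filesystem as one unit into a second partition, then switch to it, so a failed write never touches the running system. The script below is an added illustration of that A/B update flow with image verification, an atomic slot switch, and boot-count rollback; it is not code from the thread or from either commenter's product. It assumes the "partitions" are plain files under a temp directory so it runs offline (on a device they would be block devices such as /dev/mmcblk0p2 and /dev/mmcblk0p3, and the boot-state file would be a bootloader variable), and it uses a SHA-256 hash where a production updater would check a signature over the image or its manifest. The function and file names are the example's own.

```shell
#!/bin/sh
# A/B rootfs update demo (constructed example, not from the thread).
# Assumes file-backed "slots" and a file-backed boot-state record.
set -eu

WORK=$(mktemp -d)
SLOT_A="$WORK/rootfs_a.img"
SLOT_B="$WORK/rootfs_b.img"
STATE="$WORK/boot-state"   # active slot, trial flag, boot-attempt count
MAX_TRIES=3                # boots a trial slot gets before rollback

sha() {  # sha256 of a file; works with coreutils or macOS shasum
  { if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi; } | cut -d' ' -f1
}

read_state()  { sed -n "s/^$1=//p" "$STATE"; }
write_state() {  # args: active trial tries. Temp file + rename, so a power
                 # cut leaves either the complete old record or the new one.
  printf 'active=%s\ntrial=%s\ntries=%s\n' "$1" "$2" "$3" > "$STATE.tmp"
  sync
  mv -f "$STATE.tmp" "$STATE"
}
other_slot() { [ "$1" = a ] && echo b || echo a; }
slot_path()  { [ "$1" = a ] && echo "$SLOT_A" || echo "$SLOT_B"; }

init_slots() {  # factory state: slot A runs v1 and is committed, B is empty
  printf 'rootfs v1\n' > "$SLOT_A"
  : > "$SLOT_B"
  write_state a 0 0
}

# apply_update IMAGE EXPECTED_SHA256 -> 0 on success, 1 if rejected.
# Only ever writes the inactive slot, so the running system stays intact.
apply_update() {
  img=$1; expected=$2
  # Verify before writing anything. A hash only catches corruption; a real
  # updater verifies a signature over the image (or a signed manifest).
  if [ "$(sha "$img")" != "$expected" ]; then
    echo "update rejected: hash mismatch" >&2; return 1
  fi
  target=$(other_slot "$(read_state active)")
  cp "$img" "$(slot_path "$target")"
  sync
  # Read back what actually landed before committing to boot from it.
  if [ "$(sha "$(slot_path "$target")")" != "$expected" ]; then
    echo "update rejected: readback mismatch" >&2; return 1
  fi
  write_state "$target" 1 0   # new slot active, on trial: one atomic rename
}

# boot: what the bootloader does at each power-on. Prints the slot it boots.
# A trial slot not confirmed healthy within MAX_TRIES boots is abandoned and
# the previous slot is reinstated, which is what keeps a bad image from
# bricking the device.
boot() {
  active=$(read_state active); trial=$(read_state trial); tries=$(read_state tries)
  if [ "$trial" = 1 ] && [ "$tries" -ge "$MAX_TRIES" ]; then
    active=$(other_slot "$active")
    write_state "$active" 0 0
  elif [ "$trial" = 1 ]; then
    write_state "$active" 1 $((tries + 1))
  fi
  echo "$active"
}

# mark_healthy: userspace calls this once the new image has proven itself
# (network up, application running); it clears the trial flag.
mark_healthy() { write_state "$(read_state active)" 0 0; }

demo() {
  init_slots
  printf 'rootfs v2\n' > "$WORK/update.img"
  apply_update "$WORK/update.img" "$(sha "$WORK/update.img")"
  echo "booted from $(boot)"; mark_healthy
  printf 'rootfs v3 (never confirms)\n' > "$WORK/update.img"
  apply_update "$WORK/update.img" "$(sha "$WORK/update.img")"
  i=0; while [ $i -le "$MAX_TRIES" ]; do echo "booted from $(boot)"; i=$((i + 1)); done
  echo "slot B still holds: $(cat "$SLOT_B")"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh ab_update.sh demo`: the v2 update lands in slot B and is confirmed, the v3 update lands in slot A, never calls mark_healthy, and after three trial boots the fourth boot falls back to B with v2 intact. The two points that matter for the unattended case are that verification happens before any write and again after it, and that the only step that changes which slot boots is a single rename of the state record, so there is no window in which a power cut leaves the device with no bootable slot.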


