This is why the Internet of Things terrifies me. You think these clowns wanna be responsible for promptly releasing security updates for the lifetime of every piece of hardware they've ever shipped?
More likely the mobile industry: no, you can't upgrade your ancient Android. You'll have to buy new IoT devices every year and throw the ones with security holes in the landfill.
Given the build date of the kernel on my phone and the publicly disclosed security bugs in the kernel fixed in later releases, I'd be amazed if any Android version (yes, including current ones!) is free of known security holes.
This is because, the guys calling the shots are still the old telecommunication OEMs.
Although telecommunications always had a very close relationship with the software industry, they see the customers in a different way.
Since the early days they would rather ship new phones than offer upgrades. Nokia was probably the only exception, in the models that weren't tainted with mobile operator firmware.
It only works for Apple, because they managed to get those guys out of the way. But they got their lesson and surely will not let others get away with it.
