I hear you Bill and agree that IoT devices are going to have the problems that the web browsers of yesterday had, today and tomorrow.... The obvious point of attack due to the realities of how products ship.... Fast and quick!
However I think this is natural side effect of the world we live in. Creating a secure device that sells, is a hell of a lot more expensive compared to shipping a device and dealing with the problems if and when they occur.
As to GCHQ / NSA and other similar .Gov hacking these things, I am sure they do and would be more surprised if they weren't trying to find holes and routes to the inside of devices that could be popular and owned by many.
Having said that, I don't think obscure security holes are something new. Many years ago I was playing around with hacking barcode readers (It was with the CueCat, for those that remember that failed Dot Com 1 startup) and I had massive fun with it. I got reminded of it as I read this post today that talks about the exact same type of exploits I was playing with all those years ago....
http://en.wooyun.io/2016/01/28/Barcode-attack-technique.htmlhttps://twitter.com/tombkeeper/status/663730674017300480