alt Hacker NewsFor some background why IoT products will stop being insecure: if you sell one in the EU, you're liable for all the damage your botnet causes.
Luckily, common EU home routers have firewalls, even for IPv6. And it's so much easier to punch holes on purpose! Instead of messing with port forwarding and internal and external IP addresses, you can just say "this device is a server, please allow traffic on port 80 and 443, thank you"
I don't see how the logistics for that would work. Even when you know what devices are part of a botnet, which itself is no easy task, each device in a botnet is only doing cents worth of damage, and mostly to the target, but product liability only applies to the owner of the product.
Also, everyone I know that lives in Europe (although most of them not within EU countries) imports their IoT controllers directly from China or the US, because there is very little available from manufacturers in Europe.