Most important, he said, "they revealed that hacking power existed and was available to anyone. And this has big implications for the IoT," especially given the growth of our dependence on it.
"If you ask: 'Are we getting better or worse at security?' given that our dependence on the IoT is growing faster than our ability to secure it, I don't see the evidence that we are getting better."
There is plenty of troubling evidence of the lack of security he said, noting the recent demonstration by hackers that they could breach the control systems of modern cars, including the airbags, seat belts, brakes and even the steering wheels. He said a friend of his who is diabetic was able to hack his own insulin pump, and demonstrate that an attacker could deliver him a lethal overdose.
The response, when he informed his doctors and the manufacturer of the pump, he said, was simply, "We comply with FDA standards."
Internet-connected door locks that can be opened or closed remotely, "are supposed to keep bad guys out, but they can all be undermined to let bad guys in," he said.
And at the regional level are Industrial Control Systems (ICS) for utilities like water, sewer and the electrical grid that have hard-coded passwords, making them far too easy to hack.
Without public pressure, he said, things are unlikely to change unless there are some high-profile, catastrophic failures of systems. "If it's about public safety and public good, then the public needs to be part of the discussion. And we need to be ambassadors for digital literacy.
"No one is coming to save us," he said, "so it is worth trying. "We are adrift, and blood is in the water."