Local Network Security
I think there's a lot more improvement that can be made to general domestic router / firewalls to help with this... Most contract supplied kit (BT Homehub etc.) is too locked down, or where control exists it's too complex for most people to grapple with.
I shouldn't take a networking wizard to be able to set any connected device to local communication only, or to separate devices into groups with differing access to each other or the internet. Or better still, firewall individual devices to only be able to connect to certain update IP's. I'm sure all of this must be possible, it's just complicated to set up AND maintain.
Which brings me to the next problem. Someone (even if it's google!) need to provide a secure centralised service for firmware / software updates that's completely agnostic to manufacturer's own support commitments. Imagine if there was one single URN that all devices, could reliably get the latest patches. Firewalling other random connections would be a whole lot easier, and it would be a lot more obvious who and what was a security risk.
If I could guarantee that my internet connected 'whateverthehellitis' could only talk to one approved update channel and also only to my smartphone app then I'd be more inclined to allow them onto my network.
Similarly, if you could guarantee a smart TV could only talk to BBC iplayer (and whichever other services you want to use) it would be a happier world. Unfortunately these things are just not built for users to have any control of. Until they improve the 'smart' functionality remains firmly off. It's worse than the wild west out there.