This could be fixed by legalizing purely destructive hacking of IoT devices. To gain immunity from prosecution the hacker would need to demonstrate that the device is completely bricked and no remote access is possible. IoT manufacturers would then be able to post bounties for destruction of competitors' products and the free market would solve the problem very quickly.
This will result in harm to third parties who did not act maliciously, but that's already happening now. With this change in law the total harm will probably be less because the problem will be solved for real, which will dramatically reduce or eliminate the possibility of "black swan" events causing very serious harm (e.g. shutdown of critical infrastructure).
"As long as the thief drives my car straight into the ocean, it's ok for him to take it"
I'm glad you're thinking outside the box, but that kind of "immunity", if it were ever to be authorized in an emergency (attacks on power grids lasting hours or days), should only be carried out by the government with a warrant, and with the understanding that people may die or lose property due to the sudden, public destruction of millions of devices.
If you wait for that emergency then it's already too late, because any attacker competent enough to carry out that attack is likely competent enough to close the vulnerability they used to get access.