One of my friend have an IoT-disrupting backpack. Inside there is a battery bank, a Raspberry Pi and a lot of IoT interface chipsets attached to it - nRF24L01+, LoRa, Bluetooth, WiFi - you name it, he has it. The Pi have code searching for unsecured IoT devices and send them into haywire. Now let's hope he don't walk by your home with his backpack...
All of this stuff tends to run in the ISM band so actually there is no expectation that you will not be interfered with, and running a transmitter that complies with the rules is legal even if it causes interference with other users of the band, that is kind of the point of the ISM bands.
Now deliberately designing something to stuff up other folks use of the band is a dick move, but I cannot really see that anyone has an expectation that RF links using those bands will not be messed with either by accident or with malice (Actually goes for any RF band user).
It is up to the designers of ISM band kit to ensure that it tolerates interference and has a sane fallback option when the RF link is receiving nonsense (Even nonsense that looks like maliciously malformed data).
I would note also that attacks on crypto are somewhat rare, attacks on implementations are where it is at. Much easier to find a buffer overflow, XSS or SQLi attack on some badly written web control interface then it is to be doing the number theory to be going after the crypto directly.
For me the big problem with a lot of the IOT stuff is that updates are not something that seems to be well understood by the manufacturers, consumer goods companies are not really with the idea that they still need to be pushing timely firmware updates to those LED bulbs that they stopped selling 4 years ago....
A big part of this is that for most users the internet is no longer end to end, A lightbulb with an IPV6 address I can firewall, add port knocking, tunnel, whatever makes sense, a lightbulb that makes a badly secured connection to a remote server that then forwards traffic from outside is a much harder problem to deal with because it pushes the problem out of my control.
It is not in the common cases even about attacking the wireless links because that is a strictly local attack, the serious problems are attacks that can be automatically mounted over the internet as that scales far better then a vandal with a SDR does, and creating botnets is a numbers game.
Regards, Dan.