Is the smart thermostat we see today the same one that was there yesterday?
I bet this can be demonstrated to be equivalent to the halting problem. The question should be really: here are the spcifications of a certain device (whether dictated by the manufacturer, or determined empirically): does the present device match them? With every query from here to eternity? Under all circumstances? That smells like the halting problem.
So, in other words, you can never be completely certain of the answer, only confident up to specific bounds. Maybe that's good enough, but $50K for that kind of work is not, and the amount of effort involved for the general case, is not. A good solution for the problem is going to be the sort of thing that would take a startup into a medium-to-large corporation.
But there are really much better ways to avoid the problem in the first place. I mean, to paraphrase a processor of mine, we don't need a microprocessor in every doorknob. Just don't use the damned things. Your fridge does not need to be on the net. Nor do your chairs. Nor each door in your house. Your washing machine works perfectly well without being on the net. So does your garage door. The risks of putting highly insecure interfaces on such items just does not justify the potential benefit.