I don’t know who needs to hear this, but your connected gadgets need software updates to retain not just their security but also, frequently, key features. If you read Ars Technica regularly, you probably don’t need to hear that. You already know that smart device manufacturers have a reputation for ending support for often-expensive devices, making them insecure and/or not work as intended. But, per a survey from Consumer Reports of 2,130 consumers, many Americans are buying into the Internet of Things (IoT) without understanding the risks involved in losing vendor support: wasted money when devices are bricked and cyber and physical security threats.
Consumer Reports’ American Experiences Survey, taken from December 6–16, claims the margin of error for its survey is +/- 2.59 percentage points, with 95 percent confidence. The publication said that 36 percent of respondents were four-year college graduates, 63 percent have a household income of at least $50,000, and the median age of respondents was 47 (you can find more information about Consumer Reports’ methodology here).
Consumer Reports’ subsequent report, released today, revealed a worrying potential education gap around IoT devices and the importance of ongoing software support:
Among people with any type of connected device… 43 percent… said that the last time they purchased one they were not aware that it might lose software support at some point. Roughly a third of consumers with a connected device (35 percent) said that they had been aware that their product would lose software support at some point, and 22 percent said they did not recall.
The most common response, at 40 percent, to the question, “If any of your smart devices has lost software support, how did you first find out?” was “it stopped working.” Fifteen percent said that they learned about the loss of support through the media. Thirty-nine percent pointed to manufacturer correspondence. Of course, it’s possible that some of those 40 percent of respondents simply missed vendor communication or even forgot about it.
“Ironically, ‘it was acting strange,’ is often the only indication a consumer may have that their device has been taken over by a malicious actor. They may see their overall network performance slow down, the device lag, or the device turning off and on at odd times,” the report says.
Consumer Reports also found a significant number of respondents expecting manufacturers to support their gadgets for over 10 years, but we know that’s often not the case.
According to the report, “A lack of awareness around the importance of software updates and what it means when devices lose software support probably contributes to the wide variation of expectations here.”
Consumer Reports also concluded that there’s a lack of understanding of how useful smart devices can be without software support. For example, 55 percent of smart TV owners, 46 percent of smartphone owners, and 43 percent of smart speaker owners surveyed said they think their respective gadget would still be useful if it reached its end of life.
The report points to smart TVs and smartphones losing third-party app support as their OSes stop receiving updates and smart speakers no longer accessing voice assistants if disconnected from the web due to lack of security support. The report’s authors concluded that “a lot of Americans who own smart devices don’t understand the relationship between software support and how long a device might retain its usefulness.”
However, it’s also possible that people have different ideas of what’s considered “useful.” A disconnected smart TV, for instance, could still connect to video game consoles or access streaming apps via a streaming stick. A smart speaker without Alexa can still play audio from a paired device. I asked about this, and Stacey Higginbotham, policy fellow for the tech advocacy team at Consumer Reports, said that the publication believes most consumers wouldn’t use disconnected devices as described.
“Some will likely continue to use the device as intended and keep it connected to the internet until it stops working (35 percent of folks who have had their connected device lose software support),” she said. “This is also born out in our survey research that shows 40 percent of consumers whose devices had lost software support only discovered that their software support ended when the device stopped working.”
Pressure for smart device vendors to be more up-front
Consumer Reports and other groups, including right-to-repair activists and consumer advocacy groups, in September asked the Federal Trade Commission (FTC) to provide guidance for device manufacturers to disclose up front how they will support their products. In November, the FTC warned IoT firms that “failure to provide software updates or the failure to disclose the duration of software support raises concerns about harm consumers cannot avoid” may violate the Magnuson Moss Warranty Act and Federal Trade Commission Act. In a report [PDF], the government agency said it examined 184 devices across 64 product categories and found that 164 “did not disclose the connected device support duration or end date” on their product webpage.
The FTC encouraged “policymakers and law enforcers” to consider these problems. Without any firm action plan from the FTC and new federal leadership, including new chairs at the FTC and Federal Communications Commission (FCC), it’s unclear how much of a priority these concerns will be for the government in the immediate future. When asked for comment, Rebecca Kern, a public affairs specialist for the FTC, said “staff is unable to talk further on this topic at this time.”
Lucas Gutterman, Designed to Last campaign director for the US PIRG Education Fund, which has asked for FTC regulation, maintains optimism that the FTC will see smart device longevity as an important issue, noting that the government body’s right to repair work “started during the first Trump administration, and both repair and obsolescence need to be stopped… by preventing manufacturers from controlling products we own.”
For its part, the FCC launched the US Cyber Trust Mark program this month, “a voluntary cybersecurity labeling program for wireless consumer IoT products,” per the agency. We won’t see labels on products until 2026, however.
Currently, though, 72 percent of respondents to Consumer Reports’ survey think manufacturers “should be required to disclose how long they will support the software.” Thirteen percent said that this shouldn’t be a requirement but that they “would feel more positive” about a firm providing that information. Eleven percent had no opinion on the matter, and 3 percent said that this shouldn’t be required of IoT vendors.
But with fluctuating demand and economics, IoT firms, from startups to enterprises, often lack foresight around how long they’ll be able to—or want to—support smart devices. It’s likely vendors will continue to push out their products without firm commitments to support them unless there is further prodding from users and/or the law.
For the non-tech-savvy among us, now’s a good time to read up on the importance of software updates and the fickle nature of the IoT.