Most Smart Device Makers Fail To Reveal Software Support Periods, FTC Finds

Nearly 89% of smart device manufacturers fail to disclose how long they will provide software updates for their products, a Federal Trade Commission staff study found this week. The review of 184 connected devices, including hearing aids, security cameras and door locks, revealed that 161 products lacked clear information about software support duration on their websites.

Basic internet searches failed to uncover this information for two-thirds of the devices. "Consumers stand to lose a lot of money if their smart products stop delivering the features they want," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection. The agency warned that manufacturers' failure to provide software update information for warranted products costing over $15 may violate the Magnuson Moss Warranty Act. The FTC also cautioned that companies could violate the FTC Act if they misrepresent product usability periods. The study excluded laptops, personal computers, tablets and automobiles from its review.

As long as...

[johnnys]

Right now, the only real protection for IoT device owners against the often terrible consequences of malicious actions of miscreants is to hope that the manufacturer (who has your money and doesn't care) will provide security and functional updates. Many manufacturers simply don't want to spend the money to hire a competent team to deliver good security. So they don't.

And so the only justifiable recommendation from real cybersecurity professionals is to say "NO" to IoT.

Even if you could find reasons to apply existing laws and requirements to IoT, it's unlikely to work as the IoT manufacturers usually operate in nations where such laws are simply ignored.

Re:

[Moryath]

You'd think some companies would be able to make money by selling straight TVs. HDMI, speakers, no need for any other shit baked in.

Should be illegal

[rtkluttz]

It should be illegal to force devices to use external cloud services. To offer it as an option is fine and good, but a device should ALWAYS be able to have local network command and control without having to ask permission from someone else's server to control something that exists behind your home or business firewall. You have everything from robot vacuums to garage door openers to enphase solar controllers now that are trying to force you to use ask permission from their services outside your homes security to control that device inside. This is really not one bit different than buying a house and a real estate agent refusing to give you a key to your own house and saying they will open the door for you every time you come and go.

Re:

[jenningsthecat]

You have everything from robot vacuums to garage door openers to enphase solar controllers now that are trying to force you to use ask permission from their services outside your homes security to control that device inside.

We're already seeing automobiles that are subject to similar restrictions. How long will it be before "my car won't work because the manufacturer got hacked" is a common complaint?

This is really not one bit different than buying a house and a real estate agent refusing to give you a key to your own house and saying they will open the door for you every time you come and go.

It's worse than that. You at least have a chance to talk to and reason with the agent. Just try getting in touch with the provider of the service your new appliance depends on. Hell, just try figuring out who the provider of that service is.

Re: Should be illegal

[drinkypoo]

I'm okay with devices being cloud based, I'm not OK with this not being disclosed, or with manufacturers not being required to specify a support period that if not fulfilled is grounds for warranty return. There ought to be a law protecting us from that kind of bait and switch.

We're not getting those protections any time soon, though.

Re:

[Baron_Yam]

Now, now. Think of the poor billionaire business owner who needs to be able to squeeze you for ongoing payments even though you only bought one thing, once.

How are they ever to afford that third mega yacht?

Re:

[thsths]

As stated, it is illegal.

But businesses have gotten used be illegal, as long as the profits outweigh the fines. And so far, there are no fines at all.

Re: Should be illegal

[Fons_de_spons]

People used to buy Porsches here to show of their wealth. These days it is high tech electric cars. They brag about the acceleration. They of course have to mention the extra cost of the charging equipment they had to install at home. Oh and of course, they had to beef up the electricity connection of their home.
I had a very good laugh when one of those types was complaining on TV that his super duper cloud connected charger was no longer working because the company went bankrupt and shut down the cloud s

Re:

[Moryath]

They of course have to mention the extra cost of the charging equipment they had to install at home. Oh and of course, they had to beef up the electricity connection of their home.

You're retarded, right? Most homes already have a 220 circuit for the clothes dryer. And you don't have to "beef up" any connection from your utility.

Re:

[rtkluttz]

You realize that simply having 220 is not the hindrance right? All meters and electrical panels that feed homes have a maximum amperage rating AND a max number of circuits. That amperage rating is for all circuits in the panel as well as the fact that the loads have to somewhat be leveled between the two 110 legs that make up the 220. Many homes are near max on the circuit count right from the beginning and many older homes are near the maximum amperage rating for their panel.

This may only help consumers so much ....

[King_TJ]

I think it's probably good to put pressure on companies to try to provide this information. But realistically? A lot of these "smart devices" are manufactured by companies who end support for them because their entire company was dissolved/bought out by another one or they go under in a bankruptcy.

Re:

[jonadab]

Yeah, I came into the comment section to say that the manufacturer doesn't *know* in advance how long they're going to continue to support the device, because they don't know in advance how well it's going to sell. If you sell 500 million of the thing, you can afford to support it for a while, to maintain customer good will and such, and then that pays off when you come out with a newer and ostensibly better version of essentially the same thing, and that's all well and good. Whereas, if you manufacture a

Re:

[drinkypoo]

This is why we need consumer protection laws which state that if the device becomes unusable because of abandonment in less than a certain period of time, which should probably be determined based on a combination of economic and ecological effects, the reseller is responsible for refunding the customer. Then they will be more hesitant to shovel shit at us.

Re:

[fuzzyfuzzyfungus]

The only good thing about some of the real bottom feeders is that they seem to be somewhat less likely to have a bunch of finance guys with visions of reoccurring revenue dancing in their eyes, pushing 'ecosystem' and cloud lock-in good and hard.

Yes, their firmware will basically be dangerous shit on release and probably never get any better; and their 'app' will be tied to some rapidly aging version of android and be full of horrifying security mistakes; but they won't even have bothered with the PKI to

Re:

[HiThere]

That shouldn't be a "get out of jail free" card. I'm less certain about how this should be managed (except by requiring that local control be feasible and the interface be public information), but bankruptcy shouldn't dissolve that obligation. Some of these things are medical devices. Turning off a vital medical device should be considered premeditated murder. Turning off a less important one should be considered battery. And turning off one that's just useful should be considered theft.

"Smart" devices?

[gkelley]

The only think "smart" about these devices is the way they dupe the customer into purchasing them.

lacked clear information

[awwshit]

> 161 products lacked clear information about software support duration on their websites

It is because they have no plan. The only plan is to sell as much junk as possible right now, and then sell them another one later. Support? Psssh.

Never buy any device...

[MpVpRb]

...that requires a cloud connection
The cloud is a trap
Run away!

Re:

[jonadab]

I mean, it depends. Use common sense. If the purpose (or a significant part of the purpose) of the device is to warn you about things like traffic conditions and closed roads while you're driving, then a cloud connection kind of makes sense, because that's potentially a reasonable way for the device to get the information that it needs in order to do what you want. Whereas, if the purpose of the device is to turn bread into toast, there's no reasonable argument for why it should need a cloud connection t

Re:

[jonadab]

Note that by "the purpose of the device" I mean *your* reason for buying it.

If what you want it to do is turn bread into toast, but the salesman is pushing a device whose main purpose is to consult online reviews of different brands of bread and recommend which ones to buy for toast-making purposes, and, incidentally, it can also turn the bread into toast as a bonus feature, this might make sense to the salesman, especially if he's on commission; but the online reviews aren't relevant to *your* purpose for

Re:

[HiThere]

UNLESS you can set up an independent cloud server and run it from that.

If the support period isn't stated

[Tony Isaac]

It's zero.

but I just make e-waste landfill for you to buy

[Growlley]

why would I support it?