FTC expresses concern about software updates for smart devices

The Federal Trade Commission (FTC) has expressed concern over lack of manufacturer commitment to software updates for smart devices, citing the risk that security flaws won’t be fixed, or that products will cease to function altogether.

This echoes concerns we’ve been raising for the past couple of years about us never really owning the smart products we buy …

We never really own our smart devices

We first raised this concern in 2022.

Just as companies can add features through firmware updates, they can also take them away. This is especially true of products that rely on connecting to a server run by the company. Case in point: today’s announcement that Amazon is shutting down Cloud Cam.

We flagged it again last year when hi-tech ebike company VanMoof ran into financial difficulties, and owners of the expensive bikes were potentially going to be left unable to unlock them.

While unlocking is activated by Bluetooth when your phone comes into range of the bike, it relies on a rolling key code – and that function in turn relies on access to a VanMoof server. If the company goes bust, then no server, no key code generation, no unlock.

That issue was, thankfully, resolved.

FTC expresses concern about software updates

The FTC has now expressed the same concerns. It checked the websites of 184 different smart products to see what promises brands made about future support, and found that the vast majority failed to offer any assurances at all.

A new paper from Federal Trade Commission staff finds that nearly 89% of products surveyed failed to disclose on their websites how long the products would receive software updates, which help ensure the devices are protected against security threats and operate properly.

FTC staff from the agency’s East Central Regional Office looked for information about 184 different “smart” products—ranging from hearing aids to security cameras to door locks—about how long companies would provide updates for those products. If the manufacturer stops providing software updates, these products may lose their “smart” functionality, become insecure or stop working

The agency says this failure may actually break the law.

The staff paper noted that manufacturers’ failure to inform prospective purchasers about the duration of software updates for products sold with written warranties may violate the Magnuson Moss Warranty Act, which requires that written warranties on consumer products costing more than $15 be made available to prospective buyers prior to sale and requires other disclosures. Failing to provide software update information to consumers could also violate the FTC Act if manufacturers make express or implied representations about how long the product is useable, according to the staff perspective.

Ironically, the FTC itself isn’t saying what it plans to do about the problem, but the fact that it is highlighting the issue is at least a step in the right direction.

Photo by Sebastian Scholz (Nuki) on Unsplash