Federal Trade Commission Report on product support for smart devices raises key issues for data security

December 10, 2024 |

A fairly to update programs and install patches provided by the suppliers is a common way hackers can access websites and smart devices. In those cases the breach is caused by the negligence of the owner of the website or smart device who fails to update. But what if the supplier fails to provide support after a time? With time the program or smart device will become more and more vulnerable to cyber attacks not to mention potentially losing functionality. It is a ubiquitous problem. The Federal Trade Commission has considered it with its report released under a cover of a media release titled Smart Products Surveyed Fail to Provide Consumers with Information on How Long Companies will Provide Software Updates.

The FTC media release provides:

A new paper from Federal Trade Commission staff finds that nearly 89% of products surveyed failed to disclose on their websites how long the products would receive software updates, which help ensure the devices are protected against security threats and operate properly.

FTC staff from the agency’s East Central Regional Office looked for information about 184 different “smart” products—ranging from hearing aids to security cameras to door locks—about how long companies would provide updates for those products. If the manufacturer stops providing software updates, these products may lose their “smart” functionality, become insecure or stop working, according to the FTC Staff Perspective.

“Consumers stand to lose a lot of money if their smart products stop delivering the features they want,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “Our study shows that nearly 89% of manufacturers of products we examined failed to post this information prominently or make it readily available. When shopping for smart devices, consumers should ask questions and consider how long their product will last.”

Staff reviewed the manufacturer’s product webpages, where consumers might look for detailed information about a connected device, and found 161 of the products surveyed failed to provide information about the support duration or end date. Staff also conducted basic internet searches to determine if consumers could track down support duration and end dates for the smart devices surveyed. Those searches did not uncover support information for two-thirds (124) of the devices surveyed.

The staff paper noted that manufacturers’ failure to inform prospective purchasers about the duration of software updates for products sold with written warranties may violate the Magnuson Moss Warranty Act, which requires that written warranties on consumer products costing more than $15 be made available to prospective buyers prior to sale and requires other disclosures. Failing to provide software update information to consumers could also violate the FTC Act if manufacturers make express or implied representations about how long the product is useable, according to the staff perspective.

This report comes after a September 2024 study by Consumer Reports which evaluated the policies of 21 appliance brands and found that only three disclosed how long they will guarantee updates to their appliances’ software and applications. The FTC compiled a list of 184 connected devices from different manufacturers used for personal or family purposes and using the manufacturer’s product webpage only tried to find information about software support duration or end date. ,Only 11% of product web pages provided information about how long the product would receive software updates. With  a Google searches 33% of the products provided information about product support duration or end date .

The report warned that the failure to provide software updates could be a deceptive practice in violation of Section 5 of the FTC Act.

The reality is that smart devices and motor vehicles increasingly rely on computer software updates to operate. In 2022 when some cellular telephone service providers announced plans to shut down 3G networks still used to support the installed telematics systems of some vehicles. 

This is issue is important in Australia in terms of complying with data security under the Privacy Act 1988.  It also raises issued under the Australian Consumer Law.

 

Leave a Reply





Verified by MonsterInsights