Blog: Internet Of Things

When the IoT vendor goes bust

Ken Munro 28 Sep 2019

Over recent years, legislation has started to emerge to protect consumers from unethical behaviour from IoT vendors. Far too many smart devices didn’t charge for a subscription to the online platform that made the device ‘smart’. As a result, manufacturers had a perverse incentive to end-of-life product in order to sell you their next great smart thing.

A good example of this was the Revolv home hub: Google’s Nest division acquired the firm behind the $300 hub. Two years later, they shut the platform down, leaving consumers with a pile of useless electronics, orphaned from the platform. Uproar ensued, resulting in the US FTC investigating. Fortunately for Revolv owners, the FTC ruled in their favour and made Google compensate hub owners.

Sonos owners will recall a similar kerfuffle around their ‘recycle mode’ that killed the device when one traded up for a newer product, among many negative press stories around the length of product support.

Existing and planned regulation for IoT is increasingly having manufacturers state up front how long they will support the product for. Whilst some legislation is focussed on the longevity of product security updates, others focus on length of platform support.

This is good: it will allow consumers to make informed decisions about the smart products they buy. I, for one, don’t expect to be replacing a smart door lock after a couple of years simply because the manufacturer wanted to sell me a newer version.

But here’s the rub…

What happens if the IoT device manufacturer implodes, as so many have?

Who remembers CloudPets? The cuddly smart teddy bear that allowed parents to send audio message to distant children from an app on their smartphones using a smart platform.

The same vendor who left an S3 bucket with all the audio messages exposed to anyone on the internet. The same vendor who had significant BLE security issues that allowed fairly trivial compromise of the bear.

The US Senate took exception to this breach of children’s privacy and asked the vendor, Spiral Toys, formal questions. Unsurprisingly, Spiral Toys disappeared.

Without a smart platform to operate with, and with retailers unable to return the now non-functioning stock to the manufacturer, thousands of CloudPets were sold off as regular teddy bears. I picked up a couple for £5 each.

It’s not just security incidents that see IoT manufacturers going to the wall. Simply addressing a market that doesn’t exist is a good way of bankrupting ones business too. Or simply a poorly executed business plan, or investors that were invested too heavily in the hype of IoT rather than the reality.

I take no pleasure from seeing an innovative business fail, but I take even less pleasure when their customers are left with worthless, non-functioning smart products.

Which leads to my point:

Coming regulation to force manufacturers to state now long they will support their product for misses one key point: if the business fails, it can’t support product, leaving consumers in the same boat.

Any wise manufacturer would therefore likely create multiple subsidiaries to hold IP and support liabilities for each product they offer. In the event of a desire to end-of-life a product, they simply wind down the subsidiary and walk away from that liability. The legislation is thus rendered useless.

Should we therefore be asking IoT vendors, particularly of products which rely on a cloud platform to function, to establish a financial bond to pay for continued platform support up to the end of their stated life?

Aside from functional issues, this would also create disincentives for vendors to litter the world with electronic waste.