Two Massachusetts legislators have proposed bills that would require companies to disclose when software and security updates will end for connected devices. The bills, collectively dubbed “An Act Relative to Consumer Connected Devices,” aim to give consumers transparency about the lifespan of their smart home gadgets, routers, and other internet-connected products.
The Problem: “Zombie” Devices and Cybersecurity Risks
The bills come as a response to a growing issue: the proliferation of outdated devices left vulnerable to hackers. Once software support ends, these devices become potential entry points for cyberattacks, essentially turning into “zombie” gadgets that pose risks to users and networks. The legislation would require manufacturers to clearly label products with end-of-life dates for updates and to notify customers when support is nearing its end.
“Our daily lives have become intertwined with smart devices,” says Representative David Rogers, one of the bill’s sponsors. “Once a company decides it will no longer provide software updates for those devices, they become ticking time bombs for hackers to exploit.”
Why This Matters: The Internet of Things is Aging Fast
The push for transparency is critical because the “internet of things” (IoT) is rapidly aging. Millions of devices, from Wi-Fi routers to smart thermostats, are now years old and may no longer receive security patches. These unpatched devices create a larger attack surface for malicious actors, leaving consumers exposed to malware and cyber threats.
Consumer advocates say the issue is widespread. “Almost everybody has a story about some device that they love that suddenly stopped working the way they thought it would or has just straight up died,” says Stacey Higginbotham, a policy fellow at Consumer Reports.
The Bills’ Requirements: Disclosure and Notifications
If passed, the Massachusetts law would compel manufacturers to disclose update timelines on packaging and online. They would also need to proactively notify customers when devices are approaching their end-of-life, including details about lost features and potential security vulnerabilities.
Supporters hope this legislation will serve as a model for other states and ultimately drive federal policy. The goal is not to eliminate obsolescence, but to empower consumers with the information they need to make informed purchasing decisions and manage their devices responsibly.
“This is inevitable. We can’t just leave them out there connected and unpatched.” — Paul Roberts, president of Secure Resilient Future Foundation
The bills represent a growing recognition that software lifecycles and cybersecurity are essential consumer protections in the modern, connected world.
