Ever since I started intentionally writing about “obsolescence by design” way back in 2011, it’s been a regularly-revisited theme in my writeups. The reason why has a lot to do with my predominant editorial beat, consumer electronics. After all, as I’ve seemingly mentioned innumerable times since launching this blog in 2005, consumer-electronics manufacturers as a rule make scant (if any) profit on each unit sold, especially after subtracting the “percentage” taken by retailer intermediaries. Revenue tangibly accrues only as a function of unit volume, not from per-unit profit margin.
Initial-sale revenue is sometimes supplemented by after-sale firmware-unlocked feature set updates, services, and other add-ons. But more often than not, a manufacturer’s path to ongoing fiscal stability involves straightforwardly selling you a brand new replacement/upgrade unit down the road; cue obsolescence by design for the unit currently in your possession. However catchy that phrase may be, however, I realized in sitting down to write this piece that it’s insufficient to fully explain the situation. Whether the scenario might be, for example, an inherently non-immortal battery so deeply embedded that no average consumer could swap it for a replacement, or a product that becomes defective due to hack- or otherwise-exposed flaws in hardware and/or software, a corporate “do nothing” decree is also key piece of the puzzle.
To wit, here are a few new troubling case studies that I’ve recently come across. But wait, didn’t I just do something similar on this topic? Sadly, yes.
Best Buy Insignia Connect
Source: Best Buy
As reported by The Verge in September of last year, Best Buy cut the cloud-coordinated tether between its line of Connect smart home devices (including smart wall plugs, Wi-Fi light switches, a smart camera, and believe it or not, a Wi-Fi freezer) and the companion Connect app in November of 2019. To its credit, Best Buy reimbursed (via an e-gift card good only at Best Buy, mind you) those who’d unwisely bought into the Connect ecosystem, albeit only for up to 10 now-neutered devices. However, Best Buy didn’t reimburse the added charges for those who’d leveraged its Geek Squad service to setup those devices, and even if you’d installed them yourself, I’m sure the thought of ripping out a bunch of plugs and switches (not to mention frantically downloading still images and video clips from Best Buy’s “cloud” before they disappeared forever) raised owners’ blood pressure a few points.
GE Refrigerator water filters
This one’s mind-boggling. The “official” (translation: high-priced) replacement water filters for GE refrigerators are RFID-tagged. And if you try to install a third-party (translation: cost-effective) filter absent the all-important RFID, the refrigerator will refuse to reset the days-until-replacement counter, as well as continue to display an annoying warning/error message. Apparently, the company included a bypass cartridge with the refrigerator that you can use instead in a non-filtered fashion. But still, seriously? This is reminiscent of the Lexmart toner cartridge debacle that ended up at the Supreme Court.
Where there’s a will, there’s a way, however. Clever consumers have figured out how to cut out or otherwise remove the RFID from an expired filter and attach it to a third-party replacement, faking out the refrigerator’s DRM in the process. $55 for a GE filter, versus $13 for an otherwise perfectly acceptable third-party alternative? If I owned a GE refrigerator, I’d certainly take the plunge on this project, too, if only to “stick it to the Man.”
Initial coverage on this issue erroneously reported that once the refrigerator decided that the filter in it was expired, it would flat-out refuse to further dispense any more water (or ice for that matter) until you replaced it with a RFID-inclusive fresh filter (or used the aforementioned filter-less bypass cartridge instead). This would have been far more egregious if true, but again, it wasn’t.
Issues with flawed-firmware routers (and manufacturers’ foot-dragging or outright refusal to fix them) have been on my radar screen ever since I personally experienced the situation. Netgear’s products are the latest case study example, but they probably won’t be the last. As recently-reported by The Register, back in June Trend Micro publicly revealed (including proof-of-concept exploit code) as part of its Zero Day Initiative, a stack overflow bug in 79 different Netgear router models, which until patched would allow unauthenticated remote code execution with root privileges.
Before you get all critical on Trend Micro for its seeming irresponsibility, realize that the company had spent the previous six months unsuccessfully attempting to confidentially resolve with Netgear the issue it had found. Realize, too, that by the time Trend Micro made its disclosure, the vulnerability had also been independently announced (complete with proof-of-concept exploits) by at least one other entity. Clearly, Trend Micro was trying to publicly shame Netgear into responding after prior private outreach had been ignored, and it worked, sort of. By the end of the month, Netgear had already fixed 28 different models via available firmware updates. But Netgear also decided that 45 models (including one that I’d blogged about a few years earlier, followed by a teardown of the device) were “outside the security support period;” translation: they’re not getting fixed. Nice, Netgear.
Samsung Blu-ray players
This last one’s really wild. Beginning in mid-June, owners of various models of Samsung Blu-ray players began frantically posting to the company’s online discussion forum (along with publishing videos; see an example below) with reports that their units had spontaneously started perpetually auto-rebooting on startup, even if the users hadn’t initiated a firmware update or otherwise manually taken them online, and ignoring all button presses and other attempts to interrupt the cycling:
Initial theories postulated that either Samsung had auto-pushed a bad firmware release to the units or that an SSL certificate embedded in the firmware had expired. Something online-related was clearly to blame, because the only units not affected were those that were completely disconnected (with disabled Wi-Fi and no Ethernet cable connection) from the internet. After an interminable delay, Samsung finally officially responded that affected customers would need to ship their units back (at no cost to them) to the company for repairs; no remote fix was possible. But they didn’t explain why the units had become “bricked.”
Leave it to savvy end users to (at least we think) figure out what had actually happened. Quoting from The Register’s thorough coverage (complete with the contents of the presumed corrupting file!):
It’s been suggested … that the cause of the failure was an XML file downloaded by the network-connected devices from Samsung servers during periodic logging policy checks. This file, when fetched and saved to the device’s flash storage and processed by the equipment, crashed the system software and force a reboot. Upon reboot, the player parsed the XML file again from its flash storage, crashed and rebooted again. And so on, and so on, and so on. Crucially, the XML file would be parsed before a new one could be fetched from the internet, so once the bad configuration file was fetched and stored by these particular Samsung Blu-ray players in the field, they were bricked.
Check out The Register’s writeup for all the nitty-gritty background details. Samsung replaced the offending XLM file on its servers 10 days after the initial reports came in, but too late to resurrect Blu-ray players that were already infected. Why, oh why, didn’t Samsung design in a “recovery” mode from the beginning that would allow consumers to restore their devices themselves via a firmware image on a USB flash drive, say, or, get this, a “burned” optical disk? The mind boggles.
Readers, have you experienced these or conceptually-similar examples of device defects, whether by conscious design choice or development mistake, whose fixes were delayed or flat-out denied by their suppliers? Sound off in the comments!
—Brian Dipert is Editor-in-Chief of the Edge AI and Vision Alliance, and a Senior Analyst at BDTI and Editor-in-Chief of InsideDSP, the company’s online newsletter.