Swaathi Vetrivel, Michel van Eeten, and Carlos H. Gañán, Delft University of Technology
Security updates are essential for protecting IoT devices, yet consumers often lack reliable information about how long devices will be supported. We conduct the first large-scale study of update duration disclosures in the European market, analysing 34,187 product pages across local retailers, EU Amazon sites, and Temu. Disclosure varies sharply: Dutch retailers, subject to regulatory oversight, list update durations for up to 92% of devices, while Amazon provides such information for fewer than 1% and Temu for none. For smart TVs, where EU rules mandate disclosure, coverage is higher but still inconsistent. Stated update durations vary between one and eight years, with smart TVs generally receiving the longest support. Comparing stated support durations across retailers, manufacturers, and the EU's central product database, we find widespread contradictions, with retailers often understating support relative to manufacturers. These inconsistencies limit the effectiveness of transparency mandates and risk misleading consumers. Our findings show that regulation can improve visibility, but only robust enforcement and standardized disclosure mechanisms ensure accurate and trustworthy information.