Why Most Smart Home Devices Stop Getting Updates After 3 Years
Here’s something that should bother you more than it does: the smart light switch you bought three years ago is almost certainly running outdated firmware with known security vulnerabilities. The manufacturer shipped it, collected their revenue, and moved on to the next product cycle.
Software support lifecycles for smart home devices are shockingly short. Most manufacturers commit to 2-3 years of updates, and many don’t commit to anything at all. After that, your internet-connected device sits on your home network, permanently vulnerable, until you throw it away and buy the replacement.
The Economics of Abandonment
The business model explains everything. A smart plug retails for $35-$50. The manufacturer’s margin after hardware, packaging, shipping, and retail cut is maybe $8-$12. Maintaining cloud servers, pushing firmware updates, and paying security engineers costs real money — ongoing money that doesn’t generate new revenue.
Companies can either build the cost of long-term support into the device price (making it uncompetitive) or plan to stop supporting it after a few years (which is what almost everyone does).
Google, through its Nest brand, is one of the few companies with the resources and motivation to provide longer support. But even Google killed the original Nest Secure alarm system in 2020, just two years after launch. If Google can’t commit to long-term support, what chance do smaller manufacturers have?
What “End of Support” Actually Means
When a device stops receiving updates, several things happen:
Security vulnerabilities go unpatched. Researchers discover new vulnerabilities constantly. An unsupported device will never receive fixes. If it’s connected to your network, it becomes a potential entry point.
Cloud services may shut down. Many smart home devices depend on manufacturer cloud servers for basic functionality. When those servers go offline, the device may stop working entirely — not just lose updates, but become a brick. This has happened repeatedly: Revolv hub (2016), Insteon (2022), Wink (effectively dead despite technically existing).
Compatibility breaks. OS updates on your phone, changes to WiFi standards, or updates to smart home platforms like Google Home or HomeKit can break compatibility with older devices that aren’t being maintained.
The device still works… until it doesn’t. This is the insidious part. Your smart thermostat keeps controlling temperature just fine. It feels like it’s working. But underneath, it’s running increasingly outdated software with accumulating vulnerabilities.
The Matter Standard Promise
The Matter smart home standard, backed by Apple, Google, Amazon, and Samsung, was supposed to help with this. By creating a common protocol, devices could theoretically outlive any single manufacturer’s support lifecycle.
Matter does improve interoperability. A Matter-certified device works across platforms. But Matter doesn’t solve the software update problem. The device still runs manufacturer firmware that needs patching. Matter doesn’t obligate manufacturers to provide updates for any specific duration.
What Matter does help with is reducing dependence on manufacturer cloud services. Matter devices can operate locally within your home network, so if the manufacturer goes bust, basic functionality survives. That’s meaningful progress, but it’s not the same as ongoing security support.
Who Does It Better
Some companies have better track records:
Apple HomeKit: Apple’s ecosystem requires devices to meet certain standards and Apple tends to maintain platform support for years. But individual device manufacturers within the HomeKit ecosystem still control their own firmware update cycles.
Home Assistant: The open-source approach sidesteps the problem by supporting local control. Many devices can be flashed with open-source firmware (Tasmota, ESPHome) that’s community-maintained indefinitely. This requires technical skill but provides genuine long-term viability.
IKEA: Their Dirigera hub and Tradfri range have been surprisingly well-maintained for the price point. IKEA has the financial cushion and brand motivation to avoid the bad press of bricking affordable devices.
What You Can Actually Do
Check support commitments before buying. Some manufacturers now state their support period. Google commits to 5 years for Nest devices. If a manufacturer won’t state a support period, assume it’s short.
Prefer devices with local control. Devices that work without cloud connections (Zigbee and Z-Wave devices via local hubs, for example) continue functioning even if the manufacturer disappears.
Segment your network. Put smart home devices on a separate VLAN or guest network so that a compromised device can’t access your computers, phones, and important data. Most modern routers support this.
Consider open-source alternatives. Products compatible with Tasmota or ESPHome firmware can be reflashed to open-source software, giving you control of updates indefinitely. This is more work but eliminates manufacturer dependency entirely.
Budget for replacement. Treating smart home devices as consumable rather than permanent changes the economic calculus. If you expect to replace a device every 3-4 years, the cost per year matters more than the upfront price.
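The checks in the list above can be run over a written inventory of your devices. The script below is an added example, not part of the original article: the Device fields, the segment names, the 3-year fallback lifespan and the sample inventory are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

TRUSTED_SEGMENTS = {"lan"}  # assumption: segment holding computers and phones
ASSUMED_YEARS = 3.0         # assumption: lifespan when no support period is stated

@dataclass
class Device:
    name: str
    purchased: date
    price: float
    support_ends: Optional[date]  # None = manufacturer states no support period
    local_control: bool           # works without the manufacturer's cloud
    segment: str                  # network segment the device is attached to

def audit(dev: Device, today: date) -> list[str]:
    """Return the findings for one device, one per check in the list above."""
    findings = []
    if dev.support_ends is None:
        findings.append("no stated support period: assume it is short")
    elif dev.support_ends < today:
        findings.append("past end of support: firmware will not be patched")
    if not dev.local_control:
        findings.append("cloud-dependent: may stop working if the service shuts down")
    if dev.segment in TRUSTED_SEGMENTS:
        findings.append("on the trusted network: move to a separate VLAN or guest network")
    return findings

def cost_per_year(dev: Device) -> float:
    """Spread the purchase price over the supported life of the device."""
    if dev.support_ends is None:
        years = ASSUMED_YEARS
    else:
        years = max((dev.support_ends - dev.purchased).days / 365.25, 1.0)
    return round(dev.price / years, 2)

# Constructed sample inventory (not real products or dates).
INVENTORY = [
    Device("hallway switch", date(2021, 3, 1), 45.0, date(2024, 3, 1), False, "lan"),
    Device("zigbee bulb", date(2023, 6, 1), 20.0, None, True, "iot"),
    Device("thermostat", date(2024, 1, 15), 250.0, date(2029, 1, 15), True, "iot"),
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(d.name, cost_per_year(d), audit(d, date.today()))
```

A device with an empty findings list has a stated support period that has not yet ended, local control, and sits off the trusted network.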
The Regulatory Gap
The European Union’s Cyber Resilience Act, expected to take full effect by 2027, will require manufacturers to provide security updates for the expected lifetime of a product. Australia doesn’t have equivalent legislation yet, though the Australian Cyber Security Centre has published guidance recommending minimum support periods.
Regulation will eventually force longer support. But we’re not there yet in Australia, and enforcement will be another challenge entirely.
Organisations looking at smart building deployments — where unsupported devices create genuine enterprise risk — are increasingly working with specialists in this space to develop lifecycle management strategies that account for device obsolescence from day one.
The Bigger Picture
The smart home industry has a sustainability problem that goes beyond environmental waste. Every abandoned device is a security liability and a broken promise to the consumer who bought it.
The industry won’t fix this voluntarily because the economics don’t support it. Regulation, open standards, and consumer awareness are the forces that will eventually push toward longer support commitments.
Until then, buy thoughtfully, prefer local control, isolate your devices on the network, and don’t assume that “smart” means “permanently supported.” It almost never does.