
At DEF CON: What To Do About Bricked & Abandoned Devices?

A pile of abandoned personal electronic devices.

The conversation about the scourge of bricked and abandoned smart devices is coming to the DEF CON conference in Las Vegas next week, as leading figures from cybersecurity and policy circles gather for a panel discussion of abandonware Friday evening, August 9th.

The panel is Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of Trash and features key members of SRFF leading a discussion of the economic, social and cybersecurity implications of “abandonware” – smart, connected products and services that find themselves declared “end of life” and abandoned by their maker.

A ‘Brick’ Problem As the IoT Ages

Abandonware and “end-of-life” devices are becoming a bigger issue as the Internet of Things ages and manufacturers make bottom line-driven decisions to walk away from smart, connected products they have sold to consumers, businesses and public sector organizations.

Consider the recent news about Spotify’s Car Thing, a portable device the popular streaming service began selling in February 2022. After discontinuing sales just five months later, in July 2022, Spotify declared earlier this year that it was shutting down the online services that the Car Thing relied on, effectively “bricking” the devices in December of this year without offering consumers a trade-in or refund. (The company later walked back that decision following outrage from consumers and offered refunds for the discontinued hardware.)

Concerns about working devices being condemned to the landfill because of software-imposed deadlines have cropped up around all manner of devices. It was estimated that Microsoft declaring the end of support for its Windows 10 operating system would send 240 million devices to the landfill globally. Google decided (under pressure) to extend support for its Chromebooks to 10 years, saving school districts an estimated $1.8 billion while keeping millions of tons of otherwise functional devices out of the e-waste stream. Still, more and more examples of manufacturers walking away from connected products or ending support of software long before they have reached the end of their useful life crop up each day.

EOL + RCE = *&$%!!

And there are cybersecurity consequences to this. Attacks exploiting flaws in end-of-life devices have been linked to numerous cybercriminal and nation-state actors. For example, in March, Black Lotus Labs uncovered a botnet (“Faceless”) made up of 40,000 end-of-life small office/home office (SOHO) routers. Also, the Chinese APT group Volt Typhoon is known to have targeted Ivanti VPN virtual appliances in attacks in 2021 and 2024; the appliances were found to be running an “end of life” version of the open source CentOS.

With the Internet of Things set to double in the next decade, billions of vulnerable devices marketed and sold to connect us risk robbing, dividing and defeating us in the years to come: a process the author and futurist Cory Doctorow has termed “enshittification.”

Fighting for our digital future

So what’s the answer? That’s what the Bricked and Abandoned panel is all about. In this panel you’ll hear from experts working at the forefront of a fight to challenge the status quo and find ways to safeguard our digital futures – from a “right to repair” digital devices to reforms to the nearly three-decade-old Digital Millennium Copyright Act that makes it a federal crime to circumvent software locks for any reason.

If you’re going to be in Las Vegas for Hacker Summer Camp, be sure to check the panel out Friday evening at 5:00 PM Pacific Time. To learn more, visit the DEF CON website at defcon.org!

The speakers on the panel are author and futurist Cory Doctorow of the EFF and Pluralistic.net; Tarah Wheeler, the founder of Red Queen Dynamics and a Senior Fellow in Global Cyber Policy at Council on Foreign Relations; Chris Wysopal, the CTO of Veracode; independent cybersecurity researcher Dennis Giese of DontVacuum.me; and Paul Roberts, the President of SRFF and Publisher and Editor in Chief at The Security Ledger.
