Naked Security

Sonos’s tone-deaf legacy product policy angers customers

Stopping software updates for legacy kit is nothing new, but it's the way the company has done it that has Sonos customers' hackles up.

When you buy a cloud-connected appliance, how long should the vendor support it for with software updates? That’s the question that home audio company Sonos raised this week when it dropped some unwelcome news on its customers.
The company has announced that it will discontinue software updates for older products in May this year (here’s a list of products that it marks as legacy). Stopping software updates for legacy kit is nothing new, but it’s the way the company has done it that has Sonos customers’ hackles up.
Sonos points out that it supports software updates on products for at least five years after it stops selling them. However, the issue here is that all products in a Sonos network must run on the same software, meaning that any newer (‘non-legacy’) equipment connected to the speakers will also stop downloading new software updates. The only way around this for Sonos users is to disconnect their new equipment from their legacy kit and run them independently of each other.
From Sonos’s email to customers:

Please note that because Sonos is a system, all products operate on the same software. If modern products remain connected to legacy products after May, they also will not receive software updates and new features.

This carries service implications for users, because while products will continue working without software updates, it doesn’t mean that they will work as well. Sonos explains that as third-party connected cloud partners change their own services, they may become incompatible with the legacy software.
This isn’t just a product service issue; it’s a cybersecurity problem. Any cloud-connected equipment is potentially vulnerable to attack, and researchers frequently discover new exploits. Ugo Vallauri is co-founder and policy lead of the Restart Project, a European organisation that promotes user repairs of consumer electronics in a bid to cut down on e-waste. He told us:

A big issue is the lack of separation between security updates and software updates. While we can’t expect a product’s software to be improved indefinitely, security updates should be ensured for as long as possible. In this case, Sonos is not even mentioning security updates when suggesting that “legacy” products could continue to be used.

When we asked Sonos about this, it replied:

We take our customer’s security seriously and will work to maintain the existing experience and conduct critical bug fixes where the computing hardware will allow.

So perhaps there’s hope, but there’s no official policy that tells you exactly what to expect in terms of cybersecurity fixes.
Contrast that with computer software companies like Microsoft. It also ceases support for its products (a concept known as end of life, or EOL). However, it lets customers know about it years in advance, rather than giving them four months’ notice, as Sonos has done. It offers cybersecurity updates for an extended period and allows customers to buy extended support after that. And EOL Microsoft software connected to the network doesn’t affect software support for non-EOL software.


Sonos customers are furious. On the company’s forum, one, named Stueys said:

Just received the legacy email that tells me that half my 10 unit system will be obsolete from May. So it appears that I can either pile more money into Sonos, accept that my modern equipment (less than 2 years old) will no longer be updated because I have the audacity of being a long term customer or go somewhere else.

So how long should companies maintain software support for their products?
Gay Gordon Byrne is executive director of the Repair Association, a US non-profit that advocates for the right for people to repair products. She told us:

There are ZERO support obligations in the US. There are no requirements that any product be updated for any reason other than for “Defect Support”. Even fixing known defects is voluntary until/unless there is a mandatory recall or other banishment, such as when the Samsung Galaxy 7 phones were so prone to battery fires that they were prohibited on planes.

We asked Sonos why it couldn’t have introduced a software feature that would enable newer products to maintain backwards compatibility with older products. After all, games console vendors engineer entire operating systems to be backwards-compatible with old games, which is a much tougher task. We’ll update this article when the company responds.
Stueys asked Sonos:

So I can make an informed decision Sonos must now publish the support windows for all products currently available. At least try to recover some credibility.

We put this to Sonos, and it restated that it will support products with regular software updates for at least five years after it stops selling them.
Sonos explains that if customers don’t want to keep their old legacy kit, they can trade up. This program, announced in October 2019, gives customers a 30% credit for each legacy product they replace.
There’s a catch, though: to take advantage of the trade-in deal they have to activate ‘recycle mode’, which is effectively a kill switch for legacy equipment. Activating this mode deliberately bricks Sonos equipment in 21 days with no chance of recovery. It’s designed to stop legacy kit from falling into the hands of second-hand customers and degrading their experience, Sonos told The Verge.
All this leads to a bigger question: Do you really own your equipment when it’s connected to a cloud service? Companies have trampled over user rights in the past, such as when Nest bought IoT home hub device Revolv and then bricked all the devices in the field. It’s an ongoing problem and we document other examples.
Vallauri concluded:

Increasingly, products are rendered useless via software before they are physically obsolete. We first experienced this with mobiles and tablets, but we will experience this with many of the products we buy. This is totally unacceptable, given their cost to consumers and their environmental cost.


8 Comments

IMO that entire company is tone deaf in general with customers, with overpriced dated products that have not been updated in years.

“Waste not want not” except it doesn’t work when companies want you to be upgrading to the next best thing.

I have felt that support should continue from 10 years after the last sale of the product. This is similar to automobiles here in the US.

Consumers need to understand that when they buy an interconnected device, they’re not only buying the item in the box but buying into a cloud service. When the service provider stops support due to ‘end of life’ more than likely the device will stop as well. Whether it’s a £100 Cosmo Anki robot, £500 Sonos Speaker, but even a 100k Tesla. Shops need to stop selling these devices if these devices have been deemed ‘end of life’ by the manufacturer or the manufacturer has gone under. More transparency is required to customers when purchasing connected devices.

Bonus point – some Sonos kit was sold a long time after Sonos stopped shipping it, suppliers were allegedly selling some, soon to be legacy, items as recently as two years ago (e.g. the Connect and Connect:Amp, which were replaced by newer products with the same names, so people with old stock could shift them at new prices).
Also, even more fun, they seem to be killing off products with 32MB of RAM, and some old devices got silent RAM updates during their lives. For example my v1 Connect:Amp has 32MB, some v1 units have 64MB. Should you buy a used one?
It will be interesting to see how the customer complaint storm works vs customers deciding they don’t want the hassle, biting the bullet and paying 000s to update their products, maybe they calculate they’ll end up ahead.
I have 7 Sonos products, 5 of which are legacy, so I’ll have to change to a legacy system (i.e. no more software updates), plus never buy another Sonos product, as it won’t work with my existing system if it has more recent firmware, although some products may ship with old firmware (updating firmware for production boxes tends, with most people, to be a fairly laggy process), but if that is older than the final legacy firmware will they update to that?
The big issue is when Spotify, Internet Radio and the iOS App stop working (although there is a suggestion there will be a legacy app, but will it keep up with iOS updates?).

Sonos’ five year support guarantee is worthless, because some products on the discontinued list are still on sale.

I was just thinking about adding another Sonos speaker but now there’s no way I’ll touch a Sonos product. Sonos just lost me as their customer.

I too am unhappy about this planned obsolescence for a product that still works perfectly fine (Sonos Connect) and no warning on purchasing that this might occur. This proposal will lock a whole system in to the past unless unsupported items are replaced at the customer’s expense, which is unusual for consumer entertainment goods. I’m unlikely to buy any new Sonos equipment now as there’s a risk it won’t work within the system, or will expire in another 5 years. The CEO’s email address can be found in the Sonos App support section.
