The ANSI Blog

Should I Update My IoT Device? (Part 1 of 3)

Smart homes are no longer futuristic. Doorbells talk to phones. Thermostats learn your schedule. Lights respond to voice commands. Refrigerators send alerts. All of these are part of a growing world of connected technology known as the Internet of Things, and they raise a question most of us have dismissed at least once: should I bother updating this?

The short answer is yes, almost always. The reason goes deeper than most people realize, though, and it has a lot to do with what’s happening behind the scenes at the companies making these products.

However, there are occasional exceptions worth noting. An update can sometimes break compatibility with other devices on your network, and every so often a manufacturer pushes a flawed release that causes more problems than it solves. If a device is already years old and nearing the end of its supported life, it may be worth asking whether it’s time to replace it rather than continue updating it. While those situations are worth being aware of, for most devices, most of the time, the risk of skipping an update far outweighs the risk of applying one.

Every Connected Device Runs Software

The National Institute of Standards and Technology (NIST) describes an IoT device as any physical object equipped with sensors or actuators that interact with the physical world, paired with network connectivity that links it to the digital one. Think smart speakers, video doorbells, connected thermostats, fitness trackers, smart TVs, and all those plugs and bulbs you control from your phone. They communicate with apps, cloud platforms, and other devices across your home network. What makes them convenient is also what makes them vulnerable: they’re always connected.

Because every one of these devices runs software, every one of them has flaws that get discovered over time. Updates are how manufacturers fix security vulnerabilities, improve stability, protect against new hacking methods, and maintain compatibility with your network. Skipping an update is essentially leaving a door unlocked on your home network.

The Security Gap Most People Don’t Think About

The security features you expect on a laptop or smartphone aren’t always present on IoT devices. NIST has noted that IoT devices frequently lack the cybersecurity functionality that you’d find standard in conventional IT equipment. That means features like encrypted storage, secure authentication, or even the ability to receive a software update aren’t guaranteed just because a product connects to the internet.

When people talk about updating devices, they assume the device was designed to be updated in the first place. Some weren’t. According to Microsoft’s 2023 Digital Defense Report, 46% of IoT devices with known vulnerabilities on customer networks have no reliable path to receiving updates, whether because the manufacturer stopped issuing them, the device runs on legacy firmware, or the hardware simply wasn’t designed with patching in mind. Any vulnerability discovered after a product hits the shelf may remain there for the life of the device.

Manufacturer Cybersecurity Practices Vary Widely

Not all manufacturers handle this the same way. A study by the Federal Trade Commission (FTC) found that 89% of smart device manufacturers failed to disclose how long their products would receive software updates, which is a basic piece of information NIST recommends any IoT device manufacturer disclose. That gap reflects a broader disparity: some manufacturers invest in dedicated security teams, regular firmware updates, and formal vulnerability disclosure programs, while others may ship products with no guarantee of ongoing security support. The real risk with those products isn’t necessarily that a flaw exists, but that it may never get fixed.

This raises an important question: how can anyone tell which manufacturers have strong cybersecurity practices in place and which ones do not? That’s where standards, independent testing, and accreditation enter the picture.
