BSides Vancouver 2026

Consumer devices like phones, routers, and computers are built to last only a few years.  Not because the hardware falls apart, but because, after a few years, manufacturers refuse to update the software.  In most cases they also prevent you from updating the software yourself.  This creates huge amounts of e-waste, and significant added expense for people who would rather keep the perfectly-fine hardware they have.

Fortunately, the infosec community is already creating solutions to these problems.  The first step to securing a device long-term is to break the manufacturer's locks so that you can get in and modify the device's software yourself (whether those locks are "legitimate" or not).  We have many excellent examples of people prolonging the life of devices this way.

However, the majority of the time getting in is just part of the battle.  Once you have root on a device, there may still be software that is proprietary or otherwise difficult to secure (perhaps because the company is withholding source code that they are required to give you).  This is where the software freedom community can help out, by getting all the possible source code, and reimplementing the rest.

We have many examples where this has been done, from OpenWrt and Rockbox for routers and audio players, to Debian and LineageOS for computers and phones.  In all of these cases, people have found ways to install software updates on devices that would otherwise stop receiving updates, allowing them to continue using their device securely for a decade or more.  And in many cases, these ways involved using the courts.

This talk will discuss how these projects came to be, how we used the courts to make that happen, how many decades of security support you can reasonably get for an arbitrary consumer device you buy today, and how you can help make this possible.