A new report documenting how state-sponsored hackers from Russia and China exploit vulnerabilities in outdated smartphones reveals not just international security threats, but fundamental failures in how consumer technology prioritizes profit over user protection.

The vulnerability of older devices stems directly from manufacturers' business models. Companies profit from selling new hardware, not maintaining old devices. Security updates get discontinued not when devices stop functioning, but when supporting them becomes unprofitable. Users face a choice: purchase new devices or accept increasing security risks—a choice manufactured by corporate decisions prioritizing sales over user safety.

This planned obsolescence creates exactly the conditions state-sponsored hackers exploit. Millions of devices remain in use long after manufacturers abandon security support, creating vast attack surfaces that sophisticated actors can penetrate. The blame typically falls on users for not upgrading, obscuring how corporate policies manufacture these vulnerabilities.

The framing of threats as primarily originating from foreign state actors, while not inaccurate, also serves convenient political purposes. It directs attention toward external enemies while downplaying how surveillance capitalism—the business model underlying most consumer technology—creates the conditions hackers exploit. The same data collection and device control mechanisms that enable corporate surveillance provide avenues for malicious actors.

Government responses typically emphasize increased security measures, expanded surveillance capabilities, and international cyber operations—all of which expand state power without addressing root causes. Rarely do authorities challenge the corporate practices that create systemic vulnerabilities, likely because those same corporations provide surveillance infrastructure governments utilize.

The security industry profits from this dynamic. Threats generate demand for security products and services, creating business opportunities from problems that corporate practices helped create. Meanwhile, users bear the costs—purchasing new devices, subscribing to security services, or suffering breaches—while corporations and security firms profit.

Alternative approaches exist but struggle against entrenched interests. Open-source operating systems that receive community security updates regardless of device age, right-to-repair legislation requiring extended security support, and cooperative models prioritizing user security over planned obsolescence all face opposition from corporations benefiting from current arrangements.

The situation also reveals how international tensions and corporate interests intersect. Rhetoric about foreign threats justifies increased surveillance and security spending, while the corporate practices enabling those threats continue unexamined. Users become caught between state surveillance, corporate data extraction, and malicious actors, with limited agency in any direction.

**Why This Matters:** This story exposes how corporate business models prioritizing profit over user security create systemic vulnerabilities that state and criminal actors exploit. It demonstrates the failure of planned obsolescence as a sustainable approach to technology, and how security threats serve to justify expanded surveillance while underlying corporate practices remain unaddressed. The case illustrates the intersection of surveillance capitalism, state power, and international conflict, with users caught in the middle lacking meaningful control over their own security. It highlights the need for alternative approaches based on extended device support, open-source security, and treating digital security as a common good rather than a profit opportunity. The situation underscores how security rhetoric often serves to expand state and corporate power while failing to address root causes of vulnerability.