The SSL Certificates that expire on older devices and applications are expected to cause problems on smart TVs, refrigerators and IoT.
On May 30, the Rocu Channel shut down, leaving affected customers trying to figure out where the problem lay and what to do. THE company advised its customers to manually update their devices, specifying:
"Due to the expiration of the certificate, the select streaming channels on the Roku platform based on this chain of certificates may not work as expected. Manually install a software update from Roku. ”
All SSL certificates are accompanied by an expiration date.
For encryption to work SSL / TLS, the server presents a certificate SSL to the customer. If the server certificate is about to expire, sysadmin can easily renew it. However, in order for the client to trust any certificate that is presented as valid, its web browsers and applications and smart devices are equipped with a set of pre-installed root certificates issued by a reputable certification authority.
Now, these root certificates have significantly longer expiration dates than web site certificates. They can last up to 20 or 25 years, but sooner or later they will expire.
In one post on his blog, security researcher Scott Helme said: “This problem was recently identified on May 30, 2020. At that exact time, when AddTrust External CA Root expired, it brought with it the first signs of the problem. We are coming to a point now where there are many certificates that will expire in the coming years, simply because it has been 20+ years since encrypted web started and this is the lifespan of a certificate. This will affect some organizations. "
Helme expects the next "potentially important date" to be September 30, 2021. Then the CA certificates issued by the DST Root CA X3 will expire. This means that if client applications and devices are not updated in a timely manner, they will not recognize Let's Encrypt certificates and will have connection problems.
Helme, had warned for this impending problem for 2 years. In addition, he considers that there is a possibility that the recent certificates are not compatible with the old models of smart TV, due to the very little root storage that exists in these devices.
Solution with warnings
While the obvious solution is to update regularly on your smart devices, it may not be as obvious to the end user. During regular updates, smart devices also download new certificates to add to their root systems.
This assumes that the device manufacturer continues to provide these updates, and of course with revised root certificates!
Realistically, a smart one gadgets may go through periods of prolonged inactivity lasting several weeks or months. If the gadgets who is rarely updated when his certificate expires while offline may have trouble reconnecting to the internet when activated.
For example, a smart lamp may be able to connect to the internet, but may require a secure connection to its server to start receiving updates. If this smart bulb was previously "disconnected" from the internet for a few months and now the grace period for updating it has passed SSL may no longer be able to reconnect to the Internet unless it is updated manually and if this is still possible.
In addition, appliances such as smart bulbs, clocks or refrigerators do not have an advanced user interface that can give users enough clues as to what is going on, especially at a technical level. At first glance, even the most technically experienced user may not be able to diagnose the real issue.
The irony of all this, as Helme pointed out, is even the most "modern" devices and gadgets are not smart enough, because they fail to take into account the latest root certificates!
In order for smart devices and IoT to continue to run smoothly and ensure smooth operation, all stakeholders and manufacturers in the industry will have to agree on a standard set of practices and adhere to them.