SSL certificates that expire on older devices and applications are expected to cause problems on smart TVs, refrigerators and IoT devices.
On May 30, the Roku Channel shut down, leaving affected customers trying to figure out where the problem lay and what to do. The company advised its customers to manually update their devices, specifying:
"Due to the expiration of the certificate, the select streaming channels on the Roku platform based on this certificate chain may not work as expected. Manually install a software update from Roku."
And it was not the only platform affected. Payment platforms Stripe and Spreedly experienced outages on the same day, due to the expiration of the respective certificates.
All SSL certificates come with an expiration date.
For SSL/TLS encryption to work, the server presents an SSL certificate to the client. If the server certificate is about to expire, a sysadmin can easily renew it. However, for the client to trust any certificate that is presented as valid, web browsers, applications and smart devices are equipped with a set of pre-installed root certificates issued by reputable certification authorities.
Now, these root certificates have significantly longer expiration dates than web site certificates. They can last up to 20 or 25 years, but sooner or later they will expire.
In one post on his blog, security researcher Scott Helme said: "This problem was recently identified on May 30, 2020. At that exact time, when AddTrust External CA Root expired, it brought with it the first signs of the problem. We are coming to a point now where there are many certifications that will expire in the coming years, simply because it has been 20+ years since the encrypted web started and this is the lifespan of a certificate. This will affect some organizations."
Helme expects the next "potentially significant date" to be September 30, 2021. That's when CA certificates issued by DST Root CA X3 will expire. This means that if client applications and devices are not updated in time, they will not recognize Let's Encrypt certificates and will have connection problems.
Helme had warned of this impending problem for 2 years. In addition, he considers it possible that recent certificates are not compatible with old smart TV models, because of the very limited root storage on these devices.
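An added example, not from the original article: a short Python audit that lists which roots in a client's trust store have already expired or will expire within a chosen horizon, which is the condition described above. The function names and the sample entries in the test are constructed for illustration; only standard-library `ssl` calls are used.

```python
import ssl
import time

def common_name(cert):
    """Pull a readable name out of the nested 'subject' tuple of RDNs."""
    fields = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    return fields.get("commonName") or fields.get("organizationName", "<unnamed>")

def audit_roots(certs, now=None, horizon_days=365):
    """Split trust-store entries into expired and soon-to-expire roots.

    certs: list of dicts in the shape returned by SSLContext.get_ca_certs().
    Returns (expired, expiring), each a list of (name, days_left) sorted by
    days_left, so the most urgent entries come first.
    """
    now = time.time() if now is None else now
    expired, expiring = [], []
    for cert in certs:
        # notAfter looks like 'Sep 30 12:00:00 2021 GMT'
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        days_left = int((not_after - now) // 86400)
        if days_left < 0:
            expired.append((common_name(cert), days_left))
        elif days_left <= horizon_days:
            expiring.append((common_name(cert), days_left))
    by_days = lambda entry: entry[1]
    return sorted(expired, key=by_days), sorted(expiring, key=by_days)

def load_system_roots():
    """Roots this Python client trusts by default.

    Note: get_ca_certs() only reports certificates loaded from a bundle
    file; entries in a hashed CA directory appear only after first use.
    """
    return ssl.create_default_context().get_ca_certs()

if __name__ == "__main__":
    expired, expiring = audit_roots(load_system_roots(), horizon_days=730)
    for name, days in expired:
        print(f"EXPIRED  {-days:5d} days ago  {name}")
    for name, days in expiring:
        print(f"EXPIRING {days:5d} days left {name}")
```

Run on a device image or build host, it shows which pre-installed roots need to be replaced by an update before they lapse.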
A solution, with caveats
While the obvious solution is to regularly update your smart devices, it may not be so apparent to the end user. During regular updates, smart devices also download the new certificates and add them to their root stores.
This assumes that the device manufacturer continues to provide these updates, and of course with revised root certificates!
Realistically, a smart gadget can go through periods of prolonged inactivity lasting several weeks or months. If a rarely updated gadget's certificates expire while it is offline, it may have trouble reconnecting to the internet when it is turned on.
For example, a smart lamp may be able to connect to the internet, but may require a secure connection to its server to start receiving updates. If this smart bulb has been "disconnected" from the internet for a few months and the grace period for updating the SSL certificate has passed, it may no longer be able to reconnect to the internet unless it is updated manually, if that is still possible at all.
In addition, devices such as smart bulbs, watches or refrigerators do not have an advanced user interface that can give users enough indication of what is going on, especially at a technical level. At first glance, even the most technically experienced user may not be able to diagnose the real issue.
The irony of all this, as Helme pointed out, is that even the most "modern" devices and gadgets are not smart enough, because they fail to take into account the latest root certificates!
For smart devices and IoT devices to keep running smoothly, all stakeholders and manufacturers in the industry will have to agree on a standard set of practices and adhere to them.
