“Within the next 12 months we’re going to have a lot of things breaking,” security researcher and consultant Scott Helme told The Register in an interview on June 10, 2020, Tom’s Guide reports.
Helme explains in his blog that this phenomenon will happen because the Certificate Authority root security certificates built into many smart-home and Internet of Things devices are beginning to expire.
Such certificates make it possible for digital devices to establish secure online connections with servers, and almost all internet connections have to be secure these days.
The root certificates can be renewed with firmware updates, but such updates can be hard for device owners to find and install, especially if a smart-home or IoT device has no associated mobile app or administrative interface.
“We’re coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it’s been 20+ years since the encrypted Web really started up and that’s the lifetime of a Root CA certificate,” said Helme.
Some services have already been affected. For instance, Helme pointed out that two weeks ago, at 10:48 Universal Time on May 30, many Roku devices suddenly could not connect to online services and streams such as Netflix because their root certificates had expired.
Others said to have been affected include online-syncing service SugarSync, password manager RoboForm and payment processors Stripe and Spreedly.
If the makers of the affected devices don’t push out updates, and the owners of those devices don’t install the updates, then the devices will be reduced to old-fashioned “dumb” appliances.
The most vulnerable devices include Android smartphones. Data shows that nearly 40 per cent of all Android devices visible to Google were using now-unsupported Android versions such as Nougat (Android 7) or earlier.
Because some smart-home devices, such as a smart light bulb, can go for months without connecting to the internet, Helme fears that many devices will miss the window between when an update that installs a new root certificate is made available and when the old certificates expire.
After the window passes, those devices that are still using the old root certificates won’t even be able to connect to their own manufacturer’s servers to install the firmware updates that would fix the problem.
It is time to check for firmware updates for all your smart gadgets.
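The update window described above can be checked per device by comparing each trusted root's expiry with how often the device actually connects. The following Python sketch is an added example, not code from Helme or Tom's Guide; the sample root names, their dates, the status labels and the 90-day check-in interval are constructed assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample entries in the dict shape returned by
# ssl.SSLContext.get_ca_certs(); names and dates are illustrative only.
SAMPLE_ROOTS = [
    {"subject": ((("commonName", "Example Legacy Root"),),),
     "notAfter": "May 30 10:48:00 2020 GMT"},
    {"subject": ((("commonName", "Example Short Root"),),),
     "notAfter": "Aug 15 00:00:00 2020 GMT"},
    {"subject": ((("commonName", "Example Mid Root"),),),
     "notAfter": "Mar  1 00:00:00 2021 GMT"},
    {"subject": ((("commonName", "Example Modern Root"),),),
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
]

def common_name(cert):
    for rdn in cert.get("subject", ()):  # subject is a tuple of RDN tuples
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"

def audit_roots(certs, now, checkin_interval, horizon=timedelta(days=365)):
    """Classify roots by expiry relative to the device's check-in cadence."""
    report = []
    for cert in certs:
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        remaining = expires - now
        if remaining <= timedelta(0):
            status = "EXPIRED"
        elif remaining < checkin_interval:
            status = "WILL_MISS_WINDOW"  # may expire before the next check-in
        elif remaining < horizon:
            status = "EXPIRING_SOON"
        else:
            status = "OK"
        report.append((common_name(cert), status, remaining.days))
    return sorted(report, key=lambda row: row[2])  # most urgent first

def load_device_roots(pem_bundle_path):
    """Read a PEM trust bundle extracted from a firmware image (path is hypothetical)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=pem_bundle_path)
    return ctx.get_ca_certs()

if __name__ == "__main__":
    now = datetime(2020, 6, 10, tzinfo=timezone.utc)
    for name, status, days in audit_roots(SAMPLE_ROOTS, now, timedelta(days=90)):
        print(f"{status:17} {days:6d} days  {name}")
```

To audit a real device, pass the output of `load_device_roots()` on its extracted trust bundle to `audit_roots()` in place of `SAMPLE_ROOTS`.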