Smart home devices including televisions, fridges and more could all stop working without warning due to expiring security certificates, experts have warned.
Thousands of connected devices could be affected by the issue, which occurs when SSL certificates guarding the safety of products expire.
Secure Sockets Layer (SSL) protocols allow devices to stay secure when connected to the Internet, establishing an encrypted link between a web server and the device or system trying to connect to it.
Smart home security
However, these protections always come with an expiry date, and it seems some manufacturers and customers have now been caught unawares.
The warning comes days after several channels on Roku streaming devices suddenly stopped working on May 30. The company urged affected customers to update their device manually, noting that, “Due to a global technical certificate expiration, select streaming channels on the Roku platform that rely on this certificate chain may not be working as expected.”
This was followed by disruption to online payment platforms Stripe and Spreedly, which both blamed outages on Certificate Authority (CA) root certificates expiring. CA certifications ensure an extra level of security for websites and servers alike, giving access to the HTTPS certification system.
Researchers have now warned that more expiration dates could be coming soon, and are urging manufacturers and consumers alike to stay aware and ensure their devices are protected.
“We’re coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it’s been 20+ years since the encrypted web really started up and that’s the lifetime of a Root CA certificate. This will catch some organisations off guard in a big way,” noted security researcher Scott Helme.
Helme added that the next “potentially significant date” for other certificates to expire could be as close as September 30 2021, although it’s not known what devices could be affected.
The issue is not purely down to consumers failing to download and install new updates, but also on manufacturers including such upgrades, including new root CA certificates, as part of these downloads.
Many smart devices released in the past few years, which have marked the first boom time in the connected product industry, are rushed through production to capitalise on high demand. This can mean they ship without proper security protection, often going on sale with only default passwords included and system software that lacks the latest upgrades.
Security researchers have long called for a universal set of IoT and smart device security standards to get around this market diversification, however many manufacturers seem unwilling to commit, meaning such issues may continue for years to come.
- Keep your home safe with the best antivirus software of 2020