Skip to main content

Internet Based Devices May Have Issues Following SSL Certificate Expiration

By June 20, 2020May 5th, 2022Technology News

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku’s support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company’s website and following the instructions posted there.

Since Roku’s announcement, both Stripe and Spreedly experienced similar disruptions that traced back to the same root cause. This issue has revealed a hidden flaw in the design of many, if not most Internet of Things devices, and many of them will ultimately suffer the same fate.

IoT devices are becoming increasingly popular, but unfortunately, making use of them is fraught with peril. Most have no security at all, and few have anything more than the most rudimentary security protocols in place and can be hacked with relative ease.

Worse, as this issue highlights, many IoT devices simply have no means of receiving updates automatically, which puts users on the hook to manually update every smart device they have in their homes.

Security researcher Scott Helme had this to say about the issue:

This problem was perfectly demonstrated recently, on 30 May at 10:48:38 GMT to be exact. That exact time was when the AddTrust External CA Root expired and brought with it the first signs of trouble that I’ve been expecting for some time.”

We’re coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it’s been 20+ years since the encrypted web really started up and that’s the lifetime of a Root CA certificate. This will catch some organizations off guard in a bit way.”

Heme notes that the next potentially significant date will be 20th September, 2021, when the CA certificates issued by DST Root CA X3 are slated to expire. If you have one or more IoT devices in your home, be aware, and be prepared to manually intervene when they stop working.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.