An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher
Expiring root certificates will cause devices like smart TVs and refrigerators to fail in the next few years, security researcher Scott Helme has warned.
To validate a certificate, the client must hold a trusted root certificate from the issuing authority, and this, says Helme, is a problem for devices that never get updated.
Root certificates typically have a long lifetime, such as 25 years, but they do expire. If one is embedded in a smart TV, fridge or security system, the device will stop connecting once it does, while giving users little clue about what has gone wrong.
"We're coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it's been 20+ years since the encrypted web really started up and that's the lifetime of a Root CA certificate. This will catch some organisations off guard in a big way," says Helme.
One potentially significant date is 30 September 2021, when the DST Root CA X3 certificate used by many Let's Encrypt certificates expires.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/06/10/iot_trouble_root_certificates_expire/