Smart home devices may not be so smart, after all. According to security experts who spoke to TechRadar, a growing number of smart home devices may suddenly stop working. And it’s not just one device, this mass shut down could affect hundreds and thousands of televisions, refrigerators and other household devices around the world.
The issue lies in the device’s security certificates, which are close to being expired. For an appliance to connect to a web server, the device must use an encrypted connection for this communication. These connections use Secure Sockets Layer (SSL) certificates or Certificate Authority (CA) root certificates, which are used by devices to confirm they are authorized to make a connection with a web server. These certificates have expiration dates, and when they expire, the devices are no longer allowed to establish a secure connection.
This sounds benign, but it already is wreaking havoc for Roku owners who can no longer access some channels on their streaming devices. Roku blamed the outages on expired security certificates and advised customers to upgrade their devices.
“Due to a global technical certificate expiration, select streaming channels on the Roku platform that rely on this certificate chain may not be working as expected.”Roku
Shortly after Roku had issues, payment processing platforms Stripe and Speedly both experienced outages due to expired CA Root certificates. Experts warn that this is only the beginning of a cascade of expired certificates. Most of these certificates were issued 20 years ago and are now reaching their expiration dates. Companies often forget about these small details and may be taken by surprise when their service goes down due to an expired security certificate.
Fixing this issue is harder than it appears. It usually requires both the company and the consumer to work together to apply the correct upgrades. Customers need to install updates regularly, while companies must renew their security certificates and bundle this new information into upgrades.
This process assumes customers are willing and able to install an update. A smart home appliance may no longer be connected to a network and may have difficulty receiving any updates to its software.