As of this Thursday, million cell phones Android and iPhone, as well as other devices, they will be left without internet access because on September 30 the root certificate that Let’s Encrypt currently uses, IdentTrust DST Root CA X3, necessary to check the security of connection to the web.
Scott Helme, a researcher specialized in computer security, detailed in his web page that users must act accordingly to nullify the expiration that will be imposed by the Certification Authority (THAT).
In addition, Helme indicated some of the devices that will be affected due to the expiration of the certificate and are those that have the following web navigation components:
Windows menores a XP SP3
MacOS less than 10.12.1
iOS less than system 10 (with iPhone 5 as the oldest model that can be updated to iOS 10).
Android less than 7.1.1 (although the units less than 2.3.6 will continue in operation with the ISRG Root X1 certificate with cross signal).
Mozilla Firefox less than version 50.
Java below version 8.
Java less than 7.
Many users will be affected by this expiration
The users that will continue to be affected by this expiration are “all that depend on the OpenSSL 1.0.2 or earlier library, released on January 22, 2015 and last updated as OpenSSL 1.0.2u on December 20, 2019,” the expert warned. on their website.
In addition, Helme made a list of possible affected devices, among which are:
Cell phone Blackberry, with versions less than 10.3.3
The operating system Jolla Sailfish OS, less than 18.104.22.168
The PS4 console with “firmware” or lower (more previous generation consoles that were not updated to recent firmware).
However, the entrepreneur and international speaker explained that “since old Android devices do not check the expiration date of a root certificate when they use it, Let’s Encrypt can continue to chain them up to the expired root certificate, without any problem on those old devices.”
The expert explained that this will not be the first time that a root CA certificate has expired. “I imagine it will follow the same trend as the previous expirations. If the root certificate that your certificate chain is anchored to is expired, it will most likely cause things to fail. This happened last year, on May 30, when the external root CA of AddTrust expired and took a lot of things. Organizations like Roku, Stripe, Spreedly and many others had problems and were not the only ones, even RedHat got in trouble from this unfortunate event, ”Helme reported.
As for the new certificate, which is called ISRG Root X1 cross-signed, it will be valid until September 30, 2024. According to Helme, to re-establish secure Internet connections, it will be necessary to update it on old devices.
IT MAY INTEREST YOU
(VIDEO) Apple sales exceed forecasts in demand for iPhone 5G