September 30: the day that Smart TV and other devices run out of Internet

Having devices always connected to the Internet requires that they be secure. For this reason, encryption is used in the connections to prevent attackers from spying on the traffic and even taking control of these devices thanks to the use of certificates . However, there are many devices abandoned by manufacturers that are going to be without Internet in just a week.

Smart TV and other devices run out of Internet

Companies like Let’s Encrypt are dedicated to offering SSL certificates that, for example, HTTPS web pages use, and that must be renewed from time to time; usually every several years. For the device to trust these certificates, it needs to have a root certificate pre-installed . The duration of these certificates is much longer, and can be 20 or 25 years .

A root certificate expires on September 30

The first root certificates began to be issued 20 years ago , so the first ones will be close to expiring. One of the most serious problems is that these old certificates have been in use until not long ago, which is why there are relatively recent devices that can be left without using the Internet if the manufacturer does not update them.

To that is added what is going to happen with the Let’s Encrypt DST Root CA X3 CA certificate, which expires on September 30, 2021 at 4:01:15 PM Spanish time . All devices that do not update the certificate by that date will not be able to do so through the Internet if they have the necessary mechanism to do so. Therefore, it will be mandatory to download the corresponding firmware by hand and install it through the USB port that the device has.

This already happened two years ago, where on May 30, 2019 at 11:48 Spanish time, many Roku devices stopped working, not being able to access the Internet or the company’s channels. Other online services such as SugarSync, RoboForm or Stripe also suffered the same failure. In this case, Roku had released a new software version with a new certificate, but many devices had not installed it.

The problem is that other devices do not have update mechanisms to solve this failure, so that they will be isolated from the Internet forever in a flagrant case of planned obsolescence. Therefore, although there are Certificate Authorities (CA) such as Let’s Encrypt that update the certificates , there are manufacturers that use the old ones.

Windows XP will run out of Internet

This is not going to be a problem for recent computers or mobiles, since the certificates they use are relatively modern, and are constantly updated to avoid this problem. Currently, on Android, all versions after 2.3.6, can continue to access the Internet until September 2024.

However, there are other devices that will be affected. For example, any computer that uses Windows XP with Service Pack 3 will no longer be able to access the Internet as of next week. The same is true for versions of macOS prior to 2016 , with customers using OpenSSL 1.0.2 or earlier, or PlayStation consoles that have not been updated to the latest firmware. Beyond that, it is not known with certainty how many devices will be left without access to the Internet, so we will have to wait until the 30th to see what happens.