The expiration of one of the most widely used security certificates could lead to major malfunctions.
Like many users, every day your smartphone is used to connect to the Net to install a new application, check the weather forecast or the weekend sports results. A mechanical gesture that might not be possible anymore from September 30th, making the precious tool much less interesting. The problem is highlighted by Scott Helme, a computer security researcher, through a long message published on his blog. He states that on September 30, a major certificate will expire and says " You may or may not need to do anything about this expiration, but I bet some things will probably not work on that day.
This is a rather catastrophic message that will bring the older among us back to the famous "Y2K bug" - which fortunately did not have such dramatic consequences - and which needs to be explained in more detail. It all starts with the IdenTrust DST Root CA X3 security certificate from the Let's Encrypt Certificate Authority. This certificate is used to verify another widely used certificate, ISRG Root X1. The problem is that many older devices still use this certificate to validate their connections to the Net. However, on September 30th, this certificate will expire and, if we believe Scott Helme, will lead to a loss of Internet access for the machines concerned.
Precisely, which machines are concerned? In reality, it is mainly devices marketed before 2017 and especially those that are not updated regularly. Scott Helme says that for smartphones running Android, the problem will affect Android 2.3.6 - Gingerbread - or older. This may sound awfully archaic today, but Scott Helme estimates that a third of Android phones could actually be affected: the question is whether the system updates were done carefully. Even more troublesome, though we have time this time: starting in 2024, it's Android 7.1.1 Nougat that will be required to keep the connection.
Android phones are not the only ones affected, and Scott Helme also mentions, in no particular order, Mac computers running macOS 10.12.0 or earlier and iPhones running iOS 9 or earlier. He also talks about devices that one might not think of so much as PlayStation 4s if the console's firmware is older than version 5.00. On his blog, Scott Helme lists all the machines and platforms affected, and while he admits that he cannot estimate the extent of the problem, he is convinced that (too many) users will inevitably be affected. One of the possible solutions if no update is available for your device, would be to use web browsers like Firefox that use their own security certificates. Of course, owners of relatively new hardware are not at risk.
