A key digital certificate for smart devices has expired, and experts say it could leave a lot of older tech without a secure way to connect online.
As we have come to rely on smart devices more and more, we also have come to rely on the internet to access the information we need. To access that information, though, smart devices are given digital certificates, which help them connect securely to websites and other online content, ensuring the data you’re sharing isn’t accessed by unknown parties. With IdenTrust DST Root CA X3 expiring at the end of September, though, the security of those older devices could be in jeopardy, or they could stop connecting online altogether.
“Root certificates are used to issue specific certificates to websites/servers. Often, smart devices connect to an API or other website, and they should do that securely over HTTPS/TLS,” Ryan Toohil, chief technology officer at Aura, an online security firm, explained to Lifewire in an email.
“To facilitate that, the root certificates are shipped with common systems, OSes, etc. Without the root trust, your smart device would either not connect securely (over HTTPS) or would just fail to connect.”
The reason these certificates are so important is they play a direct part in how devices connect to the internet. Without a secure connection, your login information and any confidential data you enter online can be intercepted and stolen by bad actors.
Cybercrime is expected to reach an annual cost of $10.5 trillion by 2025, meaning we’re probably going to see more and more data breaches and attacks against consumer information in the next few years. Scams, phishing attempts (which try to get you to give your information away freely), and other online cybercrime have continued to grow, as more and more users connect to the internet and use it on a daily basis.
However, without digital certificates to help securely connect devices to the right servers and online services, users’ data would be at an even higher risk than it is now.
“Given the importance of the data that smart devices often have, such as video of your home and family, information about when you are or aren’t home, etc, it is incredibly important that the devices connect securely, both so that your data is encrypted while it traverses the internet, but also so that your device is able to be sure that it’s talking to the real API or website, and not someone impersonating it,” Toohil said.
The big problem with digital certificates isn’t their expiration, though. Even with this certificate expiring, IdenTrust already has implemented another to replace it. The biggest problem people have to worry about when it comes to these security certificates is companies actually making them easy to access and download to their devices.
“Without the root trust, your smart device would either not connect securely (over HTTPS) or would just fail to connect.”
Unfortunately, with the current state of OS updates for smart devices, getting new digital certificates isn’t the fastest thing in the tech world. And, if you’re running an older device, chances are you’ve probably already gone years without any updates, which means there’s no chance to get an updated certification from the device manufacturer. This is why Toohil recommends buying devices from companies with a reputation for delivering updates in a timely manner.
“The only thing users [can really do is] buy smart devices from companies with a good history of shipping updates, and be diligent about updating when new software is released,” he said.
“Very often, the root certificates are installed on the devices, and for smart devices, not getting updated root certificates immediately means that the device either will stop functioning or will be sending your data around insecurely.”