As IoT devices proliferate, a lot of them don’t get updated. Ever.
Some IoT devices automatically update themselves, but a lot of them do not have the smarts to do that.
Hopefully all of them talk to their controller over HTTTPS – encrypted traffic. But there is a problem with that. HTTPS certificates expire and the root certificate that is used to verify the validity of certificates expire to.
When that happens, the TV or fridge or light bulb can’t talk to its controller.
When that occurs, one of two things happens – (a) the smart device turns into a very dumb device or (b) the smart device turns into a non-working device.
This is exactly what happened last month to some Roku devices. They stopped working as a result. The good news is that Roku does have an update mechanism. It is not clear how many tech support calls they got as a result.
But is tech support even available for that formerly-smart device that you bought a few years ago? If it is, is it free or does it cost?
This is not limited to your refrigerator. It may include older phones too. It also affected BBC’s pay TV service recently.
Until recently, the problem was only theoretical, but after the issues during the last month, the problem is no longer theoretical.
One date to keep in mind is September 30, 2021. This is when the signing certificate for many Let’s Encrypt certificates expire. Replacing the certificate on the server does not solve this problem; you have to replace the root certificate on every single client that needs to access those servers.
This is going to be a bigger problem over the next few years, so if you are responsible for this for your company come up with a plan. Credit: The Register