Well, Here's Another Thing You Can Worry About

I know, I know. Your plate is full. I won't recite the litany of things already on your mind. We've already recited that list plenty of times. Speaking for myself, I religiously devote a solid hour every night, usually between the hours of 3 am and 4 am, to reciting the list. Well, here's another thing for the list: SSL certificates. In particular, they seem to be expiring.

If you own a Samsung Blu-ray player, and it's been acting funny lately (funny, but not in a ha-ha way) you should probably familiarize yourself with SSL certificates. In fact, if you own any piece of electronics manufactured in the last 20 years, you should do the same. Also, you might want to familiarize yourself with the term “bricked.”

You will recall Y2K, and how the world was supposed to end, but didn't. SSL certificates might just be another Y2K – much ado about nothing. Or, maybe the world will actually end. I'm not sure which. Let me try to explain.

Many electronic devices that connect to the internet (everything from TVs to fridges, from light bulbs to smart watches) use SSL/TLS encryption. The server sends an SSL certificate to the client such as a web browser or device. The client is equipped with a set of CA root certificates that it checks to see if the server is “trusted.” If so, the connection is made.

SSL certificates have expiration dates. A system administrator can easily renew a server's certificate if it's expiring. The root certificates in the clients might have lengthy expiration dates – maybe 20 years or more – but they will eventually expire. And it's been over 20 years since web encryption began, and time is up. A device doesn't have to be 20 years old to be vulnerable, it just has to have a set of old root certificates. At least one computer guru says that smart TVs in particular often leave the factory with elderly certificates.

A recent problem with some Samsung Blu-ray players may or may not be related to this. You can read about the sordid mess here, but the Cliff's Notes goes like this: some owners are reporting erratic behavior (the Blu-ray players, not necessarily their owners) such as endless boot loops, non response to button commands, and sudden shutdowns. More than one model is affected, and no one seems to know the cause. One theory is expired SSL certificates tangling with Samsung servers. Samsung is working to find a solution.

Alert readers might recall that I blogged about Google Home speakers awhile back, describing how the pesky things were bricking themselves. Another example of how smart devices can turn on their owners.

Other glitches in the matrix were definitely due to SSL: some Roku streaming channels stopped working on May 30. The problem was expired certificates. The company advised customers to install an update. Also on May 30, payment platforms Stripe and Spreedly were disrupted by expiring certificates. Internet sleuths found that indeed, on May 30 at 10:48:38 GMT, the AddTrust External CA Root had expired. Awkward.

Security expert Scott Helme expects the next "potentially significant date" to be Thursday, September 30, 2021, when CA certificates issued by DST Root CA X3 from IdenTrust will expire; it is used for Let´s Encrypt. That gives us some breathing room, but only if software updates are issued with new root certificates – for each and every potentially affected device. If an affected device is not updated, it will certainly fall offline on that day.

Even if an update is issued, there are many potential problems. For example, suppose your device is offline for awhile and is not updated, and its certificate expires. When you do turn it on, it might not be able to connect. Maybe you could download the update from another device, and try to manually install it, but that would only be possible if the device allowed that kind of interaction. Many won't.

So, it seems that our planet earth is entering a vast cloud of space certificate detritus. The question is, will we be treated to a meteor shower of bricked devices? I don't know. In any case, as with a real meteor shower, there's not much you or I can do about it. I just wanted to let you know.

Al – thanks for the tip on SSL certificates. I appreciate it. But please stop calling me at 3 am. I'm busy.

COMMENTS
hk2000's picture

The only "smart' device I have is a stereo "network" receiver, and I honestly don't care if it never connected to the internet again, and a "Smart" TV that is not connected to the internet. So ... expire away!

hk2000's picture

I can see a certificate issue preventing a player, or any device from accessing the internet or web content in general, but I don't see how it would prevent it from powering up- unless it is grossly miss-implemented by the "engineers"! The player should behave as if there is no internet access and proceed to boot normally, otherwise like I said, its a horrible implementation.

mround's picture

I got the boot loop. It's unfixable by the user unless there's a way to create a USB stick that will boot the player.

I have another suspect for the Samsung problem, perhaps coincidental, perhaps not. Netflix in January stopped allowing connections with the Netflix app installed on most hardware from 2014 and older. That happens to include all of the Samsung products that have bricked. I've had firmware updates before that simply remove apps - that's all that my Panasonic plasma has ever gotten - and it hasn't affected the TV function itself. So if Samsung was finally getting around to removing the Netflix app, did they botch it in so as to destroy the rest of the system? They must really want us to buy a new player/TV, and since they no longer sell BD & media players, from whom?

Yes, a certificate failure could have done it too, and in the bigger picture is more likely, but I wouldn't ignore the possibility of a botched update removing Netflix.

supamark's picture

but my Blu-ray player is from like 2017 so it's not the Netflix thing. Hopefully it's just a cert so Samsung can fix it and I don't have to buy a new player (doubt I'll ever buy another Samsung product though, their sh!t is definitely *not* together and there's so many other good choices).

X