Issues with Roku and other IoT devices

Recently, a number of Roku streaming channels mysteriously stopped working, leaving customers scratching their heads trying to figure out what went wrong.

After some research, Roku's support staff discovered that the issue stemmed from a global certificate expiration.

They advised impacted customers to update their certificates manually by visiting the company's website and following the instructions posted there.

Since Roku's announcement, both Stripe and Spreedly experienced similar disruptions that traced back to the same root cause. This issue has revealed a hidden flaw in the design of many, if not most Internet of Things devices, and many of them will ultimately suffer the same fate.

IoT devices are becoming increasingly popular, but unfortunately, making use of them is fraught with peril. Most have no security at all, and few have anything more than the most rudimentary security protocols in place and can be hacked with relative ease.

Worse, as this issue highlights, many IoT devices simply have no means of receiving updates automatically, which puts users on the hook to manually update every smart device they have in their homes.

Security researchers had this to say about the issue

"This problem was perfectly demonstrated recently, on 30 May at 10:48:38 GMT to be exact. That exact time was when the AddTrust External CA Root expired and brought with it the first signs of trouble that we've been expecting for some time."

"We're coming to a point in time now where there are lots of CA Root Certificates expiring in the next few years simply because it's been 20+ years since the encrypted web really started up and that's the lifetime of a Root CA certificate. This will catch some organizations off guard in a big way."

Our perspective

Heme notes that the next potentially significant date will be 20th September 2021, when the CA certificates issued by DST Root CA X3 are slated to expire. If you have one or more IoT devices in your home, be aware, and be prepared to manually intervene when they stop working.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. I have created cost-effective personal service automation solutions, for over 20 years, specializing in reliability, cybersecurity, and regulatory compliance. I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.

Contact me if you would like me to speak at your association