Millions of Android, Windows and iPhone users could lose internet access in a few DAYS
A range of popular gadgets – such as Windows laptops and older iPhone and Android smartphones – could soon lose access to the internet. A security expert is warning that an upcoming change that kicks in on Thursday September 30 could have huge implications for a wide range of devices made by leading, household names. The potential internet block is all due to the HTTPS security protocol.
Even if you’re not too familiar with tech jargon, you likely have heard of – or be aware of – HTTPS (aka Hypertext Transfer Protocol Secure).
Whenever you visit a website in browsers such as Chrome you may have spotted a padlock icon in the address bar.
This signifies a website is using HTTPS, meaning the site is secure and any information you enter into it is protected.
So why does this matter to Android, Apple iPhone and Windows users?
Well, on Thursday September 30 a root certificate – which is used to encrypt connections between devices and the web, and is crucial to the HTTPS protocol – will be expiring.
After this date, devices and web browsers, will no longer trust certain certificates called IdentTrust DST Root CA X3.
For the vast majority of devices, this won’t cause issues. But for older gadgets thatw haven’t been updated in years (and won’t be entitled to use the new certificate) it could cause them to lose access to the internet.
READ MORE: Google is shutting down an Android app used by millions, here’s why
That’s according to a blog post from Scott Helme, with the security researcher betting “a few things will probably break” this coming Thursday.
In the article online Helme said: “This will not be the first time a root CA certificate has expired and I imagine it will follow the same trend as previous expirations where things break. If the root certificate that your certificate chain anchors on is expired then there’s a good chance it’s going to cause things to fail.”
To avoid facing any hair raising problems this Thursday, you should make sure your device isn’t running an update at risk.
The impacted root certificates have been issued by non-profit organisation Let’s Encrypt, who have in total issued over two billion certificates – accounting for a large chunk of the web.
Let’s Encrypt has a post online that details the clients that will break due to the upcoming IdenTrust DST Root CA X3 root certificate expiration.
For iPhone users, you need to make sure you’re not running an update lower than iOS 10. For Android smartphone users, make sure you’re not running version 7.1.1 of the Google software.
Windows users need to make sure they don’t run anything lower than Windows XP SP3. And if you’ve got a Mac then you need to make sure you’re not running a version below 10.12.1.
Helme said there were a few other platforms that needed “further investigation to see if they will fail after the IdenTrust DST Root CA X3 expire”.
This includes Amazon Kindle eReaders running a patch below v3.4.1 and a PS4 games console running firmware less than 5.00.
Here is a full list of the impacted software versions…
AFFECTED CLIENTS
OpenSSL <= 1.0.2
Windows < XP SP3
macOS < 10.12.1
iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)
Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)
Mozilla Firefox < 50
Ubuntu < 16.04
Debian < 8
Java 8 < 8u141
Java 7 < 7u151
NSS < 3.26
Amazon FireOS (Silk Browser)
REQUIRES FURTHER INVESTIGATION
Cyanogen > v10
Jolla Sailfish OS > v1.1.2.16
Kindle > v3.4.1
Blackberry >= 10.3.3
PS4 game console with firmware >= 5.00
IIS
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.