How would you stay if we told you that your Android, iPhone or Windows mobile – if you still use one of the latter – is going to be unable to access the Internet from today? Well, that will happen to literally thousands of smartphones and devices without updating due to a change in the way the Network of Networks handles security.
Thousands of mobiles without Internet
Thousands of Apple Windows, Android and iPhone devices will lose their Internet access today thanks to a new and important update of the web. Although the vast majority of modern devices will continue to function normally, older devices may lose access to the Internet completely.
If you have an older iPhone with an update prior to iOS 10 -the current version is iOS 15, just released-, or an Android phone that has not been renewed by Google since version 7.1.1 -We are on Android 13- you could lose it. Why? By the HTTPS root certificate, a small piece of software that encrypts your Internet connection and keeps your device safe.
The root certificate DST Root CA X3
Older devices that have not been updated in years will not be able to use the new certificate, which means that the vast majority of websites will stop working. The Let’s Encrypt DST Root CA X3 root certificate, used for years and years as a root certificate to create trust links between online devices, expired September 30, 2021 since it was issued on September 30, 2000, more than two decades ago.
And to continue browsing the Internet, to have that secure access, a new root certificate is necessary “to browse the web safely and protect yourself from hackers”, since without this updated certificate, Clients such as web browsers will not trust the old one because it is expired, which will cause a lack of connection due to security issues and no access to the Internet.
Even to the Wii
The change will also affect to old Internet browsers and even to macOS and the Nintendo Wii. Security researcher Scott Helme notes that “some things will probably break“, when explaining the reason for the change in a blog post, ”This won’t be the first time a root CA certificate has expired and I imagine it will follow the same trend as previous expirations where things get broken“.
To avoid losing access to the Internet, It is vital that users of these older devices update their software as soon as possible or move to a new phone, laptop, etc. -Something also recommended since we are talking about equipment that is very old. The problem is that in some cases, the manufacturer will not have released the necessary update because the equipment is too old or because it is not interested.
Hemle has compiled on his blog operating systems, browsers, clients and versions that will be left without the Internet. They include:
Clients and Operating Systems
- OpenSSL lower than version 1.0.2
- Windows lower than version XP SP3
- macOS lower than version 10.12.1
- iOS lower than version 10 (iPhone 5 is the oldest model that can have iOS 10)
- Android lower than version 7.1.1 (but Android 2.3.6 will work also if cross-signing with ISRG Root X1 certificate is used)
- Mozilla Firefox lower than version 50
- Ubuntu lower than version 16.04
- Debian lower than version 8
- Java 8 lower than version 8u141
- Java 7 lower than version 7u151
- NSS lower than version 3.26
- Amazon FireOS (Silk Browser)
- Cyanogen superior a v10
- Jolla Sailfish OS superior a v188.8.131.52
- Kindle superior a v3.4.1
- Blackberry greater than or equal to 10.3.3
- PS4 con firmware inferior a 5.00
- IIS (Internet Information Services)