When out-of-date code causes chaos
A report from the US Congress has revealed that credit agency Equifax's 2017 network breach, which affected 143 million people, was not spotted because of an expired software certificate.
Last week, mobile operator O2 blamed a similar issue for causing a network blackout which affected the UK.
But what is a digital certificate and why do they expire?
And will similar administrative errors continue to dog the industry and cause widespread havoc?
What is a digital certificate?
Digital certificates are basically small pieces of code created by using sophisticated mathematics that ensure that communications between devices or websites are sent in an encrypted manner, and are therefore secure.
They play an essential role in keeping IT infrastructure up and running safely and are issued by certificate authorities, who electronically vouch that the certificates are genuine. When issued, these certificates are given an expiration date of anything between a few months and several years.
Digital certificates are issued for a variety of software that encrypts communications, including those embedded in hardware.
In O2's case it seems that a certificate linked to network equipment installed by Ericsson was the weak link.
Equifax's certificate was linked to crucial software that monitored the network for suspicious traffic, meaning the hackers were not spotted in time.
While some think that the reason they expire is to allow the authorities to keep charging for renewals, there are some valid reasons why they need to be regularly updated - including changing technology, new vulnerabilities to encryption and the ownership of the certificate changing hands.
What went wrong?
In O2's case, the certificate reached its expiry date, which in turn meant that when different parts of the network attempted to communicate securely, they no longer trusted each other and refused to connect.
The details about what caused O2's network to fail have not yet been made public but commentators are speculating.
"So, imagine it was a web server certificate that failed. Suddenly it would have tried to make a secure connection with another piece of equipment which would have replied, 'no, I can't trust you' and rejected it," said Prof Alan Woodward, a computer scientist from the University of Surrey.
"Some of this equipment is 10 years old and the programmer may have put in a certificate with a 10-year shelf life, thinking 'this will last'."
In the worst-case scenario, someone would have to physically go to the affected equipment, whether it be a web server or a phone mast, to put a new certificate on it.
"I can't imagine how many bits of equipment needed a manual update," said Prof Woodward.
In Equifax's case, the certificate in question was linked to software which monitored the network for suspicious traffic and had expired 19 months ahead of the breach.
"That means that they weren't monitoring their network for hackers for a long time and I think they will come in for a lot of criticism for that," said Prof Woodward.
Are there likely to be more failures?
There are billions of certificates in circulation and, with the internet of things flourishing and connecting ever more devices to the web, more are needed each day.
What is needed is a mechanism to make sure they are renewed when necessary, said Tim Callan, a senior fellow at certificate issuer Sectigo.
"As business becomes digital in increasingly complex and ubiquitous ways, all enterprises need to protect themselves from repeating this disastrous outcome. A best practice in so doing is to automate the discovery, monitoring, and renewal of certificates of all types.
"The proliferation of certificates and ever-increasing complexity of IT infrastructure has made it more and more challenging for IT professionals to stay on top of this component of their networks."
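An added example, not part of the original article: a minimal monitoring pass of the kind described above, which flags expired and soon-to-expire certificates in an inventory. The device names, dates, the fixed "now" and the 30-day warning window are all constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (hypothetical devices and dates). The strings use
# the notBefore/notAfter format that Python's ssl.getpeercert() reports.
INVENTORY = [
    {"name": "www-frontend", "not_before": "Nov  1 00:00:00 2018 GMT",
     "not_after": "Nov  1 00:00:00 2019 GMT"},
    {"name": "ids-sensor-01", "not_before": "May 10 00:00:00 2015 GMT",
     "not_after": "May 10 00:00:00 2017 GMT"},
    {"name": "radio-node-17", "not_before": "Dec 20 00:00:00 2008 GMT",
     "not_after": "Dec 20 00:00:00 2018 GMT"},
]
# Constructed "current time" so the example gives the same result on every run.
SAMPLE_NOW = datetime(2018, 12, 10, tzinfo=timezone.utc)


def parse_cert_time(text):
    """Convert a certificate date string to a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def audit(inventory, now, warn_days=30):
    """Return one finding per certificate, most urgent first."""
    findings = []
    for cert in inventory:
        start = parse_cert_time(cert["not_before"])
        end = parse_cert_time(cert["not_after"])
        days_left = (end - now).days  # negative once the expiry date has passed
        if end < now:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "RENEW_NOW"
        else:
            status = "OK"
        findings.append({"name": cert["name"], "status": status,
                         "days_left": days_left,
                         "lifetime_days": (end - start).days})
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for f in audit(INVENTORY, SAMPLE_NOW):
        print(f"{f['status']:<10} {f['name']:<15} days_left={f['days_left']:>5} "
              f"lifetime={f['lifetime_days']} days")
```

Run on a schedule against a complete inventory, a check like this reports the long-lived certificate on the constructed radio node while there is still time to renew it, and shows the sensor's certificate as long expired.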