Let's Encrypt Will Stop Working For Older Android Devices:
Let's Encrypt was founded in 2012, going public in 2014, with the aim to improve security on the web. The goal was to be achieved by providing free, automated access to SSL and TLS certificates that would allow websites to make the switch over to HTTPS without having to spend any money.
The project has just announced that, come September 1, 2021, some older software will stop trusting their certificates. Let's look at why this has come to pass, and what it means going forward.
When Let's Encrypt first went public in early 2016, they issued their own root certificate, by the name ISRG Root X1. However, it takes time for companies to include updated root certificates in their software, so until recently, all Let's Encrypt certificates were cross-signed by an IdenTrust certificate, DST Root X3. [...]
The problem looming on the horizon is the expiration of DST Root X3, on September 1, 2021. Of course, for those running up-to-date operating systems and browsers, there's no major issue. But for those on platforms that haven't been updated since 2016 or so, and don't support the ISRG Root X1 certificate, things will break. [...]
Basically it's the same old issue that we see over and over again. Older handsets are not receiving OS updates from the vendors so security issues are not fixed, certificates expire, and newer algorithms are not implemented. As the article mentions, the vendors have little incentive to spend money supporting older handsets that they have already sold. They would rather you jump right back on the merry go round and buy a new one. Lather, rinse and repeat as needed.
Related Stories
Let's Encrypt comes up with workaround for abandonware Android devices:
Things were touch-and-go for a while, but it looks like Let's Encrypt's transition to a standalone certificate authority (CA) isn't going to break a ton of old Android phones. This was a serious concern earlier due to an expiring root certificate, but Let's Encrypt has come up with a workaround.
[...] Yesterday, Let's Encrypt announced it had found a solution that will let those old Android phones keep ticking, and the solution is to just... keep using the expired certificate from IdenTrust? Let's Encrypt says "IdenTrust has agreed to issue a 3-year cross-sign for our ISRG Root X1 from their DST Root CA X3. The new cross-sign will be somewhat novel because it extends beyond the expiration of DST Root CA X3. This solution works because Android intentionally does not enforce the expiration dates of certificates used as trust anchors. ISRG and IdenTrust reached out to our auditors and root programs to review this plan and ensure there weren't any compliance concerns."
(Score: 5, Touché) by driverless on Wednesday December 09 2020, @11:24AM
So who needs an external attacker performing a DoS when your security infrastructure will do it for you?
(Score: 5, Insightful) by TheRaven on Wednesday December 09 2020, @11:44AM
I have an old Android 2.3 handset that I was considering setting up as a Music Player Demon device a couple of years back. Android 2.3 has an old set of root certs and there's no update available. The format of the bundle changed some time around 3.x or 4.x and so back-porting it was non-trivial. Even after that, a bunch of things (including the F-Droid repository) mandated a newer version of the TLS stack than these things provided.
That said, these versions of Android also contain known kernel vulnerabilities and vulnerabilities in network-connected privileged services, so it's a really bad idea to connect them to the Internet at all. They're just contributing to the e-waste problem at this point.
sudo mod me up
(Score: 2) by epitaxial on Wednesday December 09 2020, @01:30PM (1 child)
My iPhone 6 from 2014 is still getting regular OS updates.
(Score: 2, Informative) by Anonymous Coward on Wednesday December 09 2020, @03:09PM
So you won't be impacted by this. Good show.
For those that might, there are potential solutions:
1. Update the certificate store on your phone (requires 'root'), cf. http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones_.26_Tablets [cacert.org] ;
2. Update the certificate store in your browser (this will only help with web pages, not other apps), e.g., https://letsencrypt.org/2020/11/06/own-two-feet.html#if-you-use-an-older-version-of-android [letsencrypt.org] ;
3. Install a newer version of Android. Many older phones are supported by LineageOS [lineageos.org]. The latest version (LineageOS 17.x) is equivalent to Android 10. Flashing a new version isn't hard, but you'll want to back up your existing system first, then install a recovery partition (like TWRP [twrp.me]. Detailed discussion/instructions about doing this can be found in multiple places:
https://www.androidauthority.com/lineageos-install-guide-893303/ [androidauthority.com]
https://www.makeuseof.com/tag/install-custom-rom-android/ [makeuseof.com]
https://www.howtogeek.com/162516/how-to-flash-your-nexus-s-or-any-other-android-device-with-a-new-rom/ [howtogeek.com]
https://www.howtogeek.com/173206/5-reasons-to-install-a-custom-android-rom-and-why-you-might-not-want-to/ [howtogeek.com]
https://www.xda-developers.com/how-to-install-custom-rom-android/ [xda-developers.com]
Note that if you have Android version 7.1 (Nougat [wikipedia.org], released 22 August 2016) or later, you won't be affected by this issue and can just ignore it.
(Score: 0) by Anonymous Coward on Wednesday December 09 2020, @05:07PM (4 children)
ssllabs will rate my setup lower than A if I want to support older devices, and Wikipedia has just cut off my IOS5 install for not supporting current standards.
I think sites should default to higher security but support older devices too.
(Score: 1, Informative) by Anonymous Coward on Wednesday December 09 2020, @05:42PM (2 children)
I understand your frustration, but that's actually a pretty bad idea.
In fact, SSL/TLS downgrade attacks [wikipedia.org] are pretty well known and have been used quite a bit.
Known weaknesses in SSL3/TLS1.0/TLS1.1, allowing session hijacking and other compromises is why those protocols are deprecated.
So no. Allowing those older protocol versions is a *really* bad idea.
That doesn't really help you with your IOS 5 device, but it does help most everyone else.
(Score: 0) by Anonymous Coward on Wednesday December 09 2020, @09:37PM (1 child)
This is a bit disingenous.
Yes, there are totally insecure modes in TLS and yes downgrade attacks are a thing.
However such attacks only really affects users of old devices. All the known downgrade attacks in TLS are fixed in the latest and greatest devices provided you implement TLS_FALLBACK_SCSV on your server. Moreover user agents are literally in the process of removing support for broken TLS modes completely which obviously renders them immune to such downgrades. People who maintain up-to-date equipment will generally not be affected by downgrade attacks.
So if your position is "fuck everyone who doesn't have the latest, they can just upgrade" then OK, you can just disable everything but the latest and greatest protocols.
But if you want your web site to be accessible to as many users as possible, well that's not a very friendly position.
Most websites are read-only things and secure connections are not critically important to everyone when they're e.g., just reading the front page of soylentnews or an article on wikipedia.
(Score: 0) by Anonymous Coward on Wednesday December 09 2020, @10:24PM
GP was complaining about how he couldn't use his IOS 5 device on various websites. [soylentnews.org]
You tell him what you want him to do.
As for me, my websites (the ones that that support/require SSL at least) only allow TLS1.2/1.3 with strong ciphers. Do what you like with yours.
(Score: 1, Informative) by Anonymous Coward on Wednesday December 09 2020, @06:20PM
That would be nice, but unfortunately older SSL/TLS are so broken that enabling support for older devices can in a lot of cases result in low security. It's been a bad few years for these things, lots of flaws found such that if support for older devices is enabled at all, that an attacker can downgrade a connection involving a newer device that would otherwise be considered secure.
Writing secure software is hard. Specifying secure protocols is also hard, apparently, as evidenced by how much of it has been found to be wrong.
Perhaps a better approach might be for newer client software to disable support for older servers, and for servers to continue to support old clients? Guessing there's hesitation for browser vendors do so because it'll just result in "but it works in browser X" complaints and loss of market share. Maybe Google can get away with it now...
(Score: 2) by everdred on Wednesday December 09 2020, @09:19PM (2 children)
> Lather, rinse, legislate and repeat as needed.
(Score: 0, Disagree) by Anonymous Coward on Wednesday December 09 2020, @10:26PM (1 child)
Huh? Come again? Are you sure you posted in the right discussion?
This has nothing to do with legislation, regulation or any sort of government activity.
(Score: 2) by everdred on Friday December 11 2020, @11:29PM
Perhaps it should. Sounds like the invisible hand of the free market isn't doing its job, and some consumer protection enforcement is needed.