Well, Here's Another Thing You Can Worry About

I know, I know. Your plate is full. I won't recite the litany of things already on your mind. We've already recited that list plenty of times. Speaking for myself, I religiously devote a solid hour every night, usually between the hours of 3 am and 4 am, to reciting the list. Well, here's another thing for the list: SSL certificates. In particular, they seem to be expiring.

If you own a Samsung Blu-ray player, and it's been acting funny lately (funny, but not in a ha-ha way) you should probably familiarize yourself with SSL certificates. In fact, if you own any piece of electronics manufactured in the last 20 years, you should do the same. Also, you might want to familiarize yourself with the term “bricked.”

You will recall Y2K, and how the world was supposed to end, but didn't. SSL certificates might just be another Y2K – much ado about nothing. Or, maybe the world will actually end. I'm not sure which. Let me try to explain.

Many electronic devices that connect to the internet (everything from TVs to fridges, from light bulbs to smart watches) use SSL/TLS encryption. The server sends an SSL certificate to the client, such as a web browser or device. The client is equipped with a set of CA root certificates, and it checks the server's certificate against them to see if the server is “trusted.” If so, the connection is made.

SSL certificates have expiration dates. A system administrator can easily renew a server's certificate if it's expiring. The root certificates in the clients might have lengthy expiration dates – maybe 20 years or more – but they will eventually expire. And it's been over 20 years since web encryption began, and time is up. A device doesn't have to be 20 years old to be vulnerable; it just has to have a set of old root certificates. At least one computer guru says that smart TVs in particular often leave the factory with elderly certificates.

A recent problem with some Samsung Blu-ray players may or may not be related to this. You can read about the sordid mess here, but the Cliff's Notes goes like this: some owners are reporting erratic behavior (the Blu-ray players, not necessarily their owners) such as endless boot loops, no response to button commands, and sudden shutdowns. More than one model is affected, and no one seems to know the cause. One theory is expired SSL certificates tangling with Samsung servers. Samsung is working to find a solution.

Alert readers might recall that I blogged about Google Home speakers a while back, describing how the pesky things were bricking themselves. Another example of how smart devices can turn on their owners.

Other glitches in the matrix were definitely due to SSL: some Roku streaming channels stopped working on May 30. The problem was expired certificates. The company advised customers to install an update. Also on May 30, payment platforms Stripe and Spreedly were disrupted by expiring certificates. Internet sleuths found that indeed, on May 30 at 10:48:38 GMT, the AddTrust External CA Root had expired. Awkward.

Security expert Scott Helme expects the next "potentially significant date" to be Thursday, September 30, 2021, when CA certificates issued by DST Root CA X3 from IdenTrust will expire; it is used for Let's Encrypt. That gives us some breathing room, but only if software updates are issued with new root certificates – for each and every potentially affected device. If an affected device is not updated, it will certainly fall offline on that day.
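For anyone who wants to see where a particular trust store stands, the sketch below sorts root certificates into expired, expiring and ok. It is an added example, not code from the article or from any vendor; the sample entries are constructed (the AddTrust timestamp and the DST Root CA X3 date come from the text above, the DST time of day is a placeholder, and "Example Long-Lived Root" is hypothetical).

```python
import calendar
import math
import ssl
import time

# Constructed sample in the dict shape ssl.SSLContext.get_ca_certs() returns.
SAMPLE_ROOTS = [
    {"subject": ((("commonName", "AddTrust External CA Root"),),),
     "notAfter": "May 30 10:48:38 2020 GMT"},
    {"subject": ((("commonName", "DST Root CA X3"),),),
     "notAfter": "Sep 30 00:00:00 2021 GMT"},   # time of day is a placeholder
    {"subject": ((("commonName", "Example Long-Lived Root"),),),  # hypothetical
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
]
SAMPLE_NOW = calendar.timegm((2020, 6, 1, 0, 0, 0))  # 1 June 2020, 00:00 UTC


def common_name(cert):
    """Pull the CN out of the nested subject tuple; fall back to a marker."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"


def audit_roots(certs, now=None, warn_days=365):
    """Return (name, status, whole_days_left) per root, soonest expiry first."""
    now = time.time() if now is None else now
    report = []
    for cert in certs:
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        days_left = math.floor((not_after - now) / 86400)
        if not_after < now:
            status = "expired"
        elif days_left <= warn_days:
            status = "expiring"
        else:
            status = "ok"
        report.append((common_name(cert), status, days_left))
    return sorted(report, key=lambda row: row[2])


if __name__ == "__main__":
    # Audit the roots this machine actually trusts; fall back to the sample
    # if the platform loads its CA store lazily and reports none.
    roots = ssl.create_default_context().get_ca_certs() or SAMPLE_ROOTS
    for name, status, days in audit_roots(roots):
        if status != "ok":
            print(f"{status:9} {days:6d} days  {name}")
```

Run on a desktop, it reports on that machine's own store; a sealed consumer device offers no such view, which is why its owner depends on the manufacturer shipping updated roots.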

Even if an update is issued, there are many potential problems. For example, suppose your device is offline for a while and is not updated, and its certificate expires. When you do turn it on, it might not be able to connect. Maybe you could download the update from another device, and try to manually install it, but that would only be possible if the device allowed that kind of interaction. Many won't.

So, it seems that our planet earth is entering a vast cloud of space certificate detritus. The question is, will we be treated to a meteor shower of bricked devices? I don't know. In any case, as with a real meteor shower, there's not much you or I can do about it. I just wanted to let you know.

Al – thanks for the tip on SSL certificates. I appreciate it. But please stop calling me at 3 am. I'm busy.

COMMENTS
hk2000's picture

The only "smart" device I have is a stereo "network" receiver, and I honestly don't care if it never connected to the internet again, and a "Smart" TV that is not connected to the internet. So ... expire away!

hk2000's picture

I can see a certificate issue preventing a player, or any device from accessing the internet or web content in general, but I don't see how it would prevent it from powering up - unless it is grossly mis-implemented by the "engineers"! The player should behave as if there is no internet access and proceed to boot normally, otherwise like I said, it's a horrible implementation.

jeffhenning's picture

I can hang with my computer, phone, and theater system being computers. There is no way around that.

I think this whole "Smart" device mania is truly fraught with problems and always will be. Who really needs a Smart fridge? A networked washer and dryer? A thermostat that can be accessed on the web?

While this SSL certificate bug is odd, it's not unexpected. Thankfully, any of my older equipment no longer is used in any capacity that involves it accessing servers.

All of my streaming services are now handled by an Nvidia Shield Pro. It's a pain in the ass to set up for playing MKV files, but it's head and shoulders better for streaming than my TV or Blu-ray. I'll have recycled that box by the time that this issue arises.

David Vaughn's picture

I just picked one up and can't find a good program for MKV files either. What are you using?

jeffhenning's picture

After trying VLC & Plex to no avail, I settled on Kodi. It's a pain in the ass to configure and its interface is rather confusing & labyrinthine, but, after going through that torture, it works really well.

I either couldn't get to my NAS via the other apps or it needed my password to log on (ridiculous) and then balked at it. I've never seen anything like this.

Once I got the Shield logged on the first time to the NAS, Kodi offered no problems.

The only issue I've run into is the unit not adjusting to the proper frame rates of the streaming content. It either drops frames or inserts them. For MKV's, though, automatically playing the files at the proper frame rate seems to work fine.

David Vaughn's picture

I've run into the exact same issue with the password for my NAS and just gave up on it out of frustration. I'm going to have a few days off of work and will troubleshoot it then (along with having an ample supply of beer to drown my frustrations)!

trynberg's picture

I don't understand your or David Vaughn's problems playing MKV on the Shield. I've been playing them through Plex for over 2 years, including 4k HDR rips. The automatic frame rate and resolution switching works (nearly) flawlessly.

What problem are you having?

jeffhenning's picture

The app-based paradigm is a blessing and a curse.

With VLC, I could not get past signing in to the NAS. After resetting the NAS passwords for the user, admin and guest accounts twice and not being able to log in at all, I trashed VLC.

With Plex, the NAS was recognized, but it refused to recognize any of the volumes on it. Since one of the volumes is "Movies", there shouldn't be a problem. I could find no way to discover the content on the NAS with Plex.

Synology makes a very basic media hub app and that wouldn't recognize the volumes on the NAS at all. Ain't that a kick in the balls. It's a Synology NAS.

Since I design web applications for a living, I have no tolerance for this type of moronic BS. I was ready to kill someone before I was done. This should be incredibly easy to do. I wasted 4 hours of my life sorting this out.

Kodi works really well. The interface, though, needs some serious help to make it logical and intuitive.

David Vaughn's picture

I have a Synology NAS as well, so maybe that's where the problem is. To call it frustrating is an understatement.

prerich45's picture

I have a home brew NAS using xigmanas as the OS. I'm an IT guy so no problem there. I'm currently at 20TB and will upgrade to 40TB by 2021 more than likely.

prerich45's picture

I'm not using Plex, I'm using Media Center (Jriver) and I'm using a Roku Ultra with no issues playing MKV at all. I can stream from my NAS to any TV in my home.

mround's picture

I got the boot loop. It's unfixable by the user unless there's a way to create a USB stick that will boot the player.

I have another suspect for the Samsung problem, perhaps coincidental, perhaps not. Netflix in January stopped allowing connections with the Netflix app installed on most hardware from 2014 and older. That happens to include all of the Samsung products that have bricked. I've had firmware updates before that simply remove apps - that's all that my Panasonic plasma has ever gotten - and it hasn't affected the TV function itself. So if Samsung was finally getting around to removing the Netflix app, did they botch it so as to destroy the rest of the system? They must really want us to buy a new player/TV, and since they no longer sell BD & media players, from whom?

Yes, a certificate failure could have done it too, and in the bigger picture is more likely, but I wouldn't ignore the possibility of a botched update removing Netflix.

supamark's picture

but my Blu-ray player is from like 2017 so it's not the Netflix thing. Hopefully it's just a cert so Samsung can fix it and I don't have to buy a new player (doubt I'll ever buy another Samsung product though, their sh!t is definitely *not* together and there's so many other good choices).
