Every business has to do their housekeeping to keep everything operating smoothly, and tech companies are no different. When major companies commit a preventable error that affects millions of people across the world, it’s just unforgivable.
Ericsson admitted in a blog post that they were responsible for millions of phones in eleven countries going offline after they allowed a certificate to expire.
Multiple Ericsson customer networks reported network disturbances. This led to the company jumping into action to restore services to these networks as soon as possible.
The Ericsson blog noted the company “had identified an issue in certain nodes in the core network resulting in network disturbances for a limited number of customers in multiple countries using two specific software versions of the SGSN-MME.”
The President and CEO of Ericsson, Börje Ekholm, noted that the “faulty software” had caused the issues and that it was being “decommissioned.” He apologized to everyone who was affected and explained they tried to limit the impact of what their customers ultimately experienced.
The blog added that “an initial root cause analysis indicates that the main issue was an expired certificate in the software versions installed with these customers. A complete and comprehensive root cause analysis is still in progress. Our focus is now on solving the immediate issues.”
Ultimate Effects of the the ‘Expired Certificate”
The Verge reports that the the expired certificate that Ericsson faced “took millions of smartphones offline across the UK and Japan and created issues in almost a dozen countries.” Most of the focus was given to the outages experienced by the O2 network in the UK and Softbank network in Japan.
It’s also assumed from the description of the problem that this outage was preventable. As much as we talk about security, while we need to take care of it on our end, so do the companies we entrust. Ericsson should have some type of maintenance in play to ensure certificates don’t expire.
Not that Ericcson is alone in that shame. Throughout the past five years, Xbox Live, Windows Azure, the Mac App Store, and Oculus Rift have all had issues with expired certificates.
It just seems inexcusable with the heightened awareness we have for security to be having issues with expired certificates. Shouldn’t it be the job of someone in particular to renew those and make sure it’s done within an acceptable time?
What are your thoughts? Is it inexcusable for a major tech company to be having this problem? Or do you think these types of things are just going to happen? Tell us what you think about Ericsson’s expired certificate in the comments.
Image credit: Cotxe d’Ericsson and public domain