Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions of Smartphones in 11 Countries Were Taken Offline Yesterday by an Expired Certificate (theverge.com)

Posted by msmash on from the closer-look dept.

Ericsson has confirmed that a fault with its software was the source of yesterday's massive network outage, which took millions of smartphones offline across the UK and Japan and created issues in almost a dozen countries. From a report: In a statement, Ericsson said that the root cause was an expired certificate, and that "the faulty software that has caused these issues is being decommissioned." The statement notes that network services were restored to most customers on Thursday, while UK operator O2 said that its 4G network was back up as of early Friday morning.

Although much of the focus was paid to outages on O2 in the UK and Softbank in Japan. Ericsson later confirmed to Softbank that issues had simultaneously affected telecom carriers who'd installed Ericsson-made devices across a total of 11 countries. Softbank said that the outage affected its own network for just over four hours.

18 of 34 comments (clear)

  1. Working as designed. by grep+-v+'.*'+* · · Score: 1

    Why is this a story again, because someone (thing) forgot to renew a cert that then affected a few (for large values) countries? It should be news if it HADN'T have dropped them out.

    OTOH these are the people tasks with keeping your phones and conversations "safe." What OTHER minor things have they overlooked? (Everyone, not just them. They're just at the head of the line right now.)

    --
    If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    1. Re:Working as designed. by Littleman_TAMU · · Score: 1

      I agree with the sentiment, but since this caused a cell network outage it's a bigger story. Also, the fact that a large company like this didn't have procedures in place for tracking renewal of certificates makes it a bigger deal. Like you mention, if they don't have these procedures in place, it calls into question how they're handling keys and other security-related items.

  2. Stuff like this has me thinking twice ... by Qbertino · · Score: 1

    ... about using a major player smartphone. Eyeing and considering Sailfish and old Blackberry on a regular basis.

    --
    We suffer more in our imagination than in reality. - Seneca
  3. People, rotate your certificates! by netwiz · · Score: 1

    It canâ(TM)t be considered critical enough. At work we have three teams that get alarms of expiring certificates, just to make sure it doesnâ(TM)t fall through the cracks. The next phase will be complete automation of the renewal process against the internal CA, with a review before the final deployment of the renewed cert.

  4. You misunderstand. by Anonymous Coward · · Score: 5, Informative

    This wasn't Ericsson brand cell phones going offline because of this certificate. This was *ENTIRE CELL NETWORKS* going offline because the backend hardware's certificates were being rejected because they expired without replacement certificates in place.

    Having a different brand of cell phone doesn't help if your phone is rightly rejecting expired certificates from the cell network, or if the cell network is not authorizing new cellular connections because it can't connect to servers.

    This was likely a backend problem, either with authentication servers for the basestation/router licenses, or some centralized bckend service that was actually web based.

    1. Re:You misunderstand. by phantomfive · · Score: 1

      Things like "Certificate renewal" and "DNS renewal" should have reminders (or errors, or whatever) in your monitoring tool, well in advance. That can be an extra double-check to make sure you get it done, in case you forget (or quit, and someone replaces you has to do it).

      --
      "First they came for the slanderers and i said nothing."
    2. Re:You misunderstand. by bill_mcgonigle · · Score: 1

      Things like "Certificate renewal" and "DNS renewal" should have reminders (or errors, or whatever) in your monitoring tool,

      Some of my clients have every piece of infrastructure monitored that can possibly go wrong, and some that probably can't.

      Meanwhile, our local ILEC will happily tell you that they don't need to monitor anything because customers will call and let them know what's out.

      The difference? The ILEC is not subject to competitive pressures; they benefit from a monopoly grant from the State and are happy to bank the [minuscule] spending decrease to the detriment of their customers. The State also appears to be happy with that balance, and those customers vote to support that State. This is why dystopian novels get written.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  5. Re:Only smartphones? by Goose+In+Orbit · · Score: 1

    It probably did...

    SMS messages were either not arriving at all, or erroneously being declared as such (I pity the poor soul who may have got a bunch of "Is o2 up yet?" messages from me because I was being told they hadn't been delivered)

    Voice calls ... not so sure, but the system would have been overloaded due to people resorting to speaking to each other on their handsets

  6. Re:Only smartphones? by jabuzz · · Score: 1

    It only broke data connections, and possibly SMS. So you could still make a call.

  7. Re:Only smartphones? by nogginthenog · · Score: 1

    Only in the morning. By afternoon my phone & my colleagues were unable to make calls.

  8. Thanks Ericsson by PPH · · Score: 1, Insightful

    Time to switch to Huawei.

    --
    Have gnu, will travel.
  9. Security theater again by Micah+NC · · Score: 1

    Along with half of all malicious websites having TLS / SSLs ...

    Goes to show our security systems are more hazardous than the bad guys.

  10. And we still want self driving cars? by capt_peachfuzz · · Score: 1

    As a thought experiment, what will it look like when this happens to a network of connected self driving cars?

    I say "when", not "if". I can't think of a way that this doesn't happen someday.

    For starters, emergency vehicles will not be able to get through the resulting traffic jams after a few million cars come to a stop.

    On the bright side, you'll probably still be able to read the ads on the entertainment system

  11. Re:Only smartphones? by Calydor · · Score: 1

    "Alright Alice, now for the next 200 MB file for payroll, enter the following ..."

    --
    -=This sig has nothing to do with my comment. Move along now=-
  12. When will these amateurs learn? by gweihir · · Score: 1

    We need to start doing IT with professionals. You know, with people that actually have a clue what they are doing. Sure, they will cost more individually, but overall the whole thing will get a lot cheaper as such major pathetic fuckups will become very rare.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Re:Certificates are such a pain in the dick. by sabri · · Score: 1

    You fucking nerds need to figure out

    Having worked at Ericsson for 5 years, I can tell you this: the nerds are not the problem. The problem is that in Ericsson, every engineer is managed by multiple managers. Instead of the normal pyramid where you have let's say 10 engineers and 1 manager, Ericsson has an upside down pyramid. Each engineer has multiple managers that each want their own projects to take priority. Not to mention that the engineer:manager ratio is waaaay off.

    Not to mention the fact that promotions take place based on speaking the right language. And by that I mean: speaking Swedish.

    I quite Ericsson in 2013 and never looked back. And never will.

    --
    I'm not a complete idiot... Some parts are missing.
  14. We need to talk about your TPS reports by Joe_Dragon · · Score: 1

    We need to talk about your TPS reports

  15. Total Inability To Support Users Phones by PPH · · Score: 1

    n/t

    --
    Have gnu, will travel.