Millions of smartphones were taken offline by an expired certificate

Posted on Dec 9, 2018

Millions of smartphones were taken offline by an expired certificate

Ericsson has confirmed that a fault with its software was the source of yesterday’s massive network outage, which took millions of smartphones offline across the UK and Japan and created issues in almost a dozen countries. In a statement, Ericsson said that the root cause was an expired certificate, and that ‘the faulty software that has caused these issues is being decommissioned.’ The statement notes that network services were restored to most customers on Thursday, while UK operator O2 said that its 4G network was back up as of early Friday morning.

Although much of the focus was paid to outages on O2 in the UK and Softbank in Japan. Ericsson later confirmed to Softbank that issues had simultaneously affected telecom carriers who’d installed Ericsson-made devices across a total of 11 countries. Softbank said that the outage affected its own network for just over four hours.

Ericsson’s admission suggests the outage was entirely preventable. Certificates ensure the validity of software and help keep things secure. The fact that one was able to expire means that the outage was likely caused by insufficient maintenance.

Ericsson isn’t the only company to have fallen prey to the perils of expiring certificates. Back in 2013, Xbox Live and Azure both suffered downtime as a result of an expired certificate, while in 2015, some Mac App Store users were forced to delete and reinstall software after a certificate used to verify apps expired. This year, an expired certificate caused Oculus Rift headsets to become inoperable unless users set their computer’s dates back in time.