iOS Client Certificate Expiration - April 16, 2014
All iOS devices (iPhone/iPad in particular) have built-in client certificates, issued by Apple, that identify them as “official” Apple iPhones. Without one of these certs, a service isn’t able to verify whether the device connecting to it is actually an iPhone or not. Apps are also capable of checking this certificate to ensure they’re running on a proper iPhone and not an emulation. I believe the certificates are issued at either time of manufacturing or at time of activation.
Either way, a large number (all?) of iPhones and iPads recently shared the same certificate expiration date: “April 16, 2014, 6:55:02 PM EST.”
Thanks to Twitter user @ryandolan123 for the screen cap.
When this certificate expired, any app or service that checked the client certificate for a valid iPhone failed. There were several affected services, including:
Aruba ClearPass
Dish TV Player
and many others…
Most of these issues ended up being resolved by the app producers disabling client certificate checking. I am wondering how Apple is going to handle reissuing these certificates, or if it’s even a concern for them.
Update: “Apparently FaceTime has also been affected.”