TLS 1.2 and You: Why You NEED to Upgrade Your Security
If you’re using devices that run TLS 1.0 or 1.1, it’s imperative you change them.
With hacking techniques constantly growing more effective, it’s crucial that your UCC security is constantly updated to keep up. This also applies when it comes to one of the most long standing systems protecting communication networks: TLS.
Short for “Transport Layer Security,” TLS is a security protocol that keeps communications unreadable to eavesdroppers — but only if it’s a version that’s up to date. This is crucial to note because, due to improved code-cracking from hackers, the oldest versions of TLS, 1.0 and 1.1, are now vulnerable to attacks.
Unfortunately, this means that any devices that still use TLS 1.0 or 1.1 jeopardize the security of your entire network. Because many devices using these versions cannot be upgraded, you should immediately replace any hardware using TLS 1.0 or 1.1 with models that use a more reliable version, TLS 1.2.
You can find Wildix devices that are end-of-life due to TLS issues here.
To explain why it’s so crucial to upgrade any hardware running TLS 1.0/1.1, let’s discuss the topic in more detail.
What is TLS?
TLS is a security procedure used between two parties — a client and a server — when exchanging information over the internet.
This procedure begins with the client and the server identifying themselves, then agreeing on both a private and shared code to use in a process known as a “handshake.” After this, the connection is secure because both the client and the server are communicating through advanced cryptographic techniques, meaning only they can understand it.
In short, TLS encodes online data in such a way that even if a hacker broke into your network to listen in, they can neither understand nor decode your information.
What’s Different About TLS 1.2?
An inherent weakness in TLS is that the security it offers boils down to secure ciphers. By design, TLS is only secure so long as its codes cannot be cracked by an outsider.
Unfortunately, this is exactly the issue with TLS 1.0 and 1.1: the ciphers these protocols create can be decoded by an outside party.
The problem here comes down to the methods of encryption that TLS 1.0 and 1.1 use, in particular a means of encoding (called a “hashing algorithm”) known as SHA-1. By now, the codes that SHA-1 generates can be cracked with fairly rudimentary tools, meaning hackers can potentially listen in on conversations encrypted with TLS 1.0 or 1.1.
This kind of flaw in cryptography is what TLS 1.2 was designed to fix. Rather than use SHA-1, TLS 1.2 uses the updated hashing algorithm SHA-256, which is still complex enough and secure enough to remain uncracked.
As far as security goes, the difference is black and white: TLS 1.2 uses encryption that can’t be broken, while TLS 1.0 and 1.1 will always be at risk of exposure. As a result, Google Chrome and other major browsers suspended their support for TLS 1.0/1.1 in early 2020, meaning accessing them through outdated TLS devices may cause compatibility issues.
What Could Happen If I Don’t Switch?
There are two worst-case scenarios of leaving TLS 1.0/1.1 UCC devices on your network.
First, hackers or other intruders will have an easier time intruding on any communications you send over the internet. Practically speaking, this means attackers can intercept and decrypt phone calls, videoconferences or text messages, or pose as a genuine user on your network and receive communications from you directly.
Obviously, either scenario can easily result in confidential information — including corporate intel, passwords or even financial details — being leaked. Furthermore, if either happens, you won’t even know your messages are being intercepted, as if TLS is decrypted it can’t safeguard your system any further.
Second, using TLS 1.0/1.1, entities from outside your organization can register themselves on your UCC devices by obtaining a device’s credentials. The fallout of this security breach can be immediate. Once on your network, hackers can use your devices to place phone calls, which in a worst-case scenario can rack up thousands of dollars in international dialing expenses after only a few days.
Again, it cannot be overemphasized that both these outcomes are entirely possible so long as TLS 1.0/1.1 devices remain on your network. The only way to safeguard yourself from financial loss and identity exposure in this manner is to make the switch to TLS 1.2.
For added security on your network, consider making use of Wildix, the only platform on the market that’s 100% secure by design for safe communications without external SBCs or VPNs. Read the full details on how Wildix achieves that security in our security white paper.