
Are your mobile devices ready for the transition to SHA2? If not – or if you have never heard of SHA2 – then you might face some application access headaches now and significant security risks down the road.

Secure Hash Algorithm 2 (SHA2) is the next generation of the cryptographic hash functions designed by the National Security Agency. Until last year, the most commonly used hash was the preceding SHA1 function, which is no longer effective because of its cryptographic weaknesses.

The SHA hash is the part of an SSL certificate used to ensure that data has not been modified. If the hash values are different, data has likely been changed. SHA2 is more secure than its predecessor, and many industries now require its use. As of last year, SHA1 algorithms are treated as untrusted for most certificate types, per the SHA1 deprecation policies of major technology vendors like Microsoft.

What SHA2 Means for Mobile Device Users

Upgrades of your server infrastructure and back-end ERP software will affect existing devices in your company. Are those devices compatible with SHA2? In some deployments, SHA certificates are used so that client applications can access cloud or server data or to synchronize databases between mobile devices and the server.

Older releases of the Windows Embedded Handheld (WEH) 6.5 operating system running on rugged mobile devices only recognized SHA1, but a patch was issued to add SHA2 support. For companies that do not support SHA2 in their rugged handheld fleets, there could be application and access glitches. According to Honeywell, you may need a SHA2 upgrade if you’ve received this error message:

“Microsoft Exchange: The security certificate on this server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server. Support code: 0x80072F0D.”

Should You Transition to SHA2?

In the long run, it will be more cost-effective to upgrade to devices that support SHA2. Your back-end server infrastructure and enterprise applications will require SHA2 security. In addition, SHA2 is simply much more secure.

As the compute power of hackers and other cyber criminals increases, the mathematics behind SHA1 are simply not robust enough to ensure that your data is safe. That’s why companies like Mozilla, Microsoft, Google and others have raced to implement SHA2. The cost to successfully conduct what is known as a “collision attack” (in which multiple inputs can generate the same hash) has dropped rapidly, making such attacks much more feasible.

Given the ubiquity of mobile devices in the enterprise and the increased use of Web-based apps and cloud services in line-of-business use cases, it is critical that companies protect all potential attack vectors – even the rugged handhelds used by their warehouse or field service staff.

Can You Just Add a Software Patch?

While a full hardware upgrade just to enable SHA2 might seem difficult to justify financially, companies should also consider OS migration costs and requirements.

That’s why simply adding a software patch isn’t going to be a useful long-term strategy. The end-of-life dates for the various Windows operating systems have already passed or are rapidly approaching. Embedded CE 6.0 reached that point this summer, and Windows Embedded 8.1 Handheld and Embedded Handheld 6.5 will lose support in 2019 and 2020, respectively. Not only will these older devices lack any useful support for their operating platforms, they may also have expired root certificates and present a security vulnerability.

By transitioning rugged hardware to the Android platform, companies can future-proof their mobile applications now, while also upgrading to the more secure SHA2 model.