The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

Miravi

Widely known time-related software bugs that could cause significant disruptions when triggered in more than a decade are actually exploitable by hackers today, researchers warn.

One of the bugs, known as ‘The Year 2038 problem’ and Y2K38, could cause computers to malfunction on January 19, 2038. The issue affects systems that use a 32-bit integer to store time as the number of seconds that have passed since the Unix epoch (January 1, 1970). A 32-bit signed integer variable has a maximum value of 2,147,483,647, which will be reached on January 19, 2038. When the number exceeds its limit and overflows, systems will interpret the date as a negative number, resetting it to December 13, 1901.

Similarly, the ‘Year 2036 problem’ can cause significant disruptions in 2036. This issue is related to the use of the Network Time Protocol (NTP) epoch (January 1, 1900). It affects systems that use older versions of NTP and it will be triggered earlier, on February 7, 2036.

Triggering these rollover bugs can cause systems to crash and, in addition to causing disruptions, it can have significant cybersecurity implications.

In the case of industrial control systems (ICS) and other operational technology (OT) systems used in critical infrastructure, a time-stamping error could lead to a chain reaction of failures, causing systems to crash, data to become corrupted, or safety protocols to fail, potentially leading to physical damage or risk to human life.

In addition, many cybersecurity systems rely on accurate time, including SSL/TLS certificates, logging and forensics solutions, and time-based authentication and access systems. Threat actors could exploit the Y2K38 bug to bypass security, cause system outages, cover their tracks, or gain unauthorized access to systems.
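The two rollovers described above, reproduced in a short Python sketch that is an added example and not part of the original post or the researchers' work. All function names are hypothetical, and the pivot-based decoding and the one-year step limit are assumptions chosen to illustrate one defensive approach.

```python
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=UTC)
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=UTC)

def as_int32(seconds):
    """Keep only what a signed 32-bit counter can hold (wraps on overflow)."""
    return struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))[0]

def unix32_to_utc(seconds):
    """Decode a seconds-since-1970 count stored in a signed 32-bit integer."""
    return UNIX_EPOCH + timedelta(seconds=as_int32(seconds))

def ntp32_naive(seconds):
    """Decode a 32-bit NTP seconds field assuming it never wrapped."""
    return NTP_EPOCH + timedelta(seconds=seconds & 0xFFFFFFFF)

def ntp32_with_pivot(seconds, pivot):
    """Decode the same field as the instant nearest a trusted pivot time."""
    pivot_s = int((pivot - NTP_EPOCH).total_seconds())
    diff = ((seconds & 0xFFFFFFFF) - pivot_s) & 0xFFFFFFFF
    if diff >= 1 << 31:  # the nearest match lies before the pivot
        diff -= 1 << 32
    return NTP_EPOCH + timedelta(seconds=pivot_s + diff)

def clock_step_is_suspicious(previous, candidate, max_step=timedelta(days=365)):
    """Flag a clock update that moves time further than max_step either way."""
    return abs(candidate - previous) > max_step

if __name__ == "__main__":
    last_good = unix32_to_utc(2**31 - 1)   # largest value a signed 32-bit field holds
    wrapped = unix32_to_utc(2**31)         # one second later, after the wrap
    print("last 32-bit second :", last_good)
    print("one second later   :", wrapped)
    print("flagged as jump    :", clock_step_is_suspicious(last_good, wrapped))
    pivot = datetime(2036, 2, 7, tzinfo=UTC)  # constructed trusted reference time
    print("NTP naive          :", ntp32_naive(2**32 + 10))
    print("NTP with pivot     :", ntp32_with_pivot(2**32 + 10, pivot))
```

A component that consumes timestamps can apply the step check before accepting a new time value, so a wrapped clock is rejected or logged instead of silently changing certificate validity or log ordering.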