blog.malwarebytes.com Open in urlscan Pro
130.211.198.3  Public Scan

Form analysis
3 forms found in the DOM

<form><span class="fieldset">
    <p><input type="checkbox" value="check" id="chkMain" checked="checked" class="legacy-group-status optanon-status-checkbox"><label for="chkMain">Active</label></p>
  </span></form>

GET

<form id="search-form" onsubmit="submitSearchrightrail(event)" method="get">
  <div class="searchbar-wrap-rightrail">
    <label for="cta-labs-rightrail-search-submit-en" aria-label="cta-labs-rightrail-search-submit-en" aria-labelledby="cta-labs-rightrail-search-submit-en">
      <input type="text" id="st-search-input-rightrail" class="st-search-input-rightrail" placeholder="Search Labs">
    </label>
    <button type="submit" id="cta-labs-rightrail-search-submit-en" aria-label="Submit your search query"><span class=""><img src="https://blog.malwarebytes.com/wp-content/themes/mb-labs-theme/images/search.svg" alt="Magnifying glass"></span>
    </button>
  </div>
</form>

//www.malwarebytes.com/newsletter/

<form class="newsletter-form form-inline" action="//www.malwarebytes.com/newsletter/" _lpchecked="1">
  <div class="email-input">
    <label for="cta-footer-newsletter-input-email-en" aria-label="cta-footer-newsletter-input-email-en" aria-labelledby="cta-footer-newsletter-input-email-en">
      <input type="text" class="email-input-field" id="cta-footer-newsletter-input-email-en" name="email" placeholder="Email address">
    </label>
    <input name="source" type="hidden" value="">
    <input type="submit" class="submit-bttn" id="cta-footer-newsletter-subscribe-email-en" value="">
  </div>
</form>

Text Content

Who doesn't like cookies?

We use cookies to help us enhance your online experience. If that sounds good,
click “Accept All Cookies” or review our Privacy and Cookie Policy.


Close
Accept All Cookies


 * Your Privacy

 * Strictly Necessary Cookies

 * Performance Cookies

 * Functional Cookies

 * Targeting Cookies

 * More Information

Privacy Preference Center

Active

Always Active



Save Settings

Allow All

The official Malwarebytes logo The official Malwarebytes logo in a blue font B

We research. You level up.

       
Personal
Personal
 * Security & Antivirus
 * Malwarebytes for Windows
 * Malwarebytes for Mac
 * Malwarebytes for Chromebook
 * Malwarebytes Browser Guard
 * Overview

 * Security & Antivirus for Mobile
 * Malwarebytes for Android
 * Malwarebytes for iOS
 * Online Privacy
 * Malwarebytes Privacy VPN

 * Get Started
 * Explore all Personal Products
 * Explore Pricing

 * FREE TRIAL OF MALWAREBYTES PREMIUM
   
   Protect your devices, your data, and your privacy—at home or on the go.
   
   Get free trial

Business
Business
   Solutions
 * BY COMPANY SIZE
 * Small Business
    1-99 Employees 
 * Mid-size Businesses
    100-999 Employees
 * Large Enterprise
    1000+ Empoyees
 * BY INDUSTRY
 * Education
 * Finance
 * Healthcare

   Products
 * NEXT-GEN ANTIVIRUS FOR SMALL BUSINESSES
 * For Teams
 * ENTERPRISE-CLASS PROTECTION, DETECTION, AND REMEDIATION
 * Endpoint Protection
 * Endpoint Detection & Response
 * Incident Response
 * Remediation for CrowdStrike®
 * ADVANCED SERVER PROTECTION
 * Endpoint Protection for Servers
 * Endpoint Detection & Response for Servers
 * CLOUD-BASED SECURITY MANAGEMENT AND SERVICES PLATFORM
 * Nebula

 * Get Started
 *  * Find the right solution for your business
    * See business pricing
   
   --------------------------------------------------------------------------------
   
    * Don't know where to start?
    * Help me choose a product
   
   --------------------------------------------------------------------------------
   
    * See what Malwarebytes can do for you
    * Get a free trial
   
   --------------------------------------------------------------------------------
   
    * Our team is ready to help. Call us now
    * +1-800-520-2796

Pricing
Partners
Partners
 * Explore Partnerships

 * Partner Solutions
 * Resellers
 * Managed Service Providers
 * Computer Repair
 * Technology Partners

 * Partner Success Story
 * Marek Drummond
   Managing Director at Optimus Systems
   
   "Thanks to the Malwarebytes MSP program, we have this high-quality product in
   our stack. It’s a great addition, and I have confidence that customers’
   systems are protected."

 * See full story

Resources
Resources
 * Learn About Cybersecurity
 * Antivirus
 * Malware
 * Ransomware
 * See all
 * Malwarebytes Labs
 * Explore

 * Business Resources
 * Reviews
 * Analyst Reports
 * Case Studies
 * See all
 * Press & News
 * Learn more

 * Events
 * 
   
   
   
   Featured Event: RSA 2021

 * See Event

Support
Support
 * Technical Support
 * Support
 * Premium Services
 * Forums
 * Vulnerability Disclosure

 * Training for Personal Products
 * Training for Business Products

 * Featured Content
 * 
   
   
   
   Activate Malwarebytes Privacy on Windows device.

 * See Content

FREE TRIAL
CONTACT US
COMPANY
Company
 * About Malwarebytes
 * Careers
 * News & Press

SIGN IN
Sign In
 * My Account
 * Cloud Console
 * Partner Portal

SUBSCRIBE


Save 25% today on your first year of EP or EDR - See offer

Awareness


A BUG IS ABOUT TO CONFUSE A LOT OF COMPUTERS BY TURNING BACK TIME 20 YEARS

Posted: October 22, 2021 by Pieter Arntz

Marty, watch out!

For those of you that remember the fuss about the Y2K bug, this story may sound
familiar.

The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning
to Critical Infrastructure (CI) owners and operators, and other users who get
the time from GPS, about a GPS Daemon (GPSD) bug in GPSD versions 3.20 through
3.22.


Y2K

If you don’t remember the Y2K bug, let me remind you quickly. Before the year
2000, lots of computer programs kept track of the year by remembering the last
two digits instead of all four. Programs coded this way would work correctly
until the first day of the new millennium, when they would assume they’d been
transported back in time 100 years to 1900.

Some computer programs don’t care what time it is, but others do, and there were
genuine fears that getting the date wrong by -100 years might cause the the
lights to go out, or for planes to fall from the sky.

In the end, those big problems didn’t materialize, because everyone received a
warning or two, or twenty, way in advance, and there was enough time to take
action and fix the broken code.


WHAT’S THE BUG NOW?

Alongside telling you where in space you are, the Global Positioning System
(GPS) can also tell you where in time you are. To do this, it keeps a count of
the number of weeks since January 5, 1980. The main civil GPS signal broadcasts
the GPS week number using a 10-bit code with a maximum value of 1,023 weeks.
This means every 19.7 years, the GPS week number in the code rolls over to zero.

GPSD is a GPS service daemon for Linux, OpenBSD, Mac OS X, and Windows. It
collects data from GPS receivers and makes that data accessible to computers,
which can query it on TCP port 2947. It can be found on Android phones, drones,
robot submarines, driverless cars, manned military equipment, and all manner of
other embedded systems.

Unfortunately, in an echo of the Y2K bug, a flaw in some versions of GPSD could
cause time to roll back after October 23, 2021. The buggy versions of the code
reportedly subtract 1024 from the week number on October 24, 2021. This would
mean Network Time Protocol (NTP) servers using the broken GPSD versions would
think it’s March 2002 instead of October 2021.


HOW BAD IS IT?

For computer systems that have no other time reference, being thrown back in
time can cause several security issues. From the perspective of incident
handling and incident response, well-synchronized time across systems
facilitates log analysis, forensic activities and correlation of events. Losing
track of what happened when, can lead to missed incidents.

Even worse is getting shut out. NTP servers using the bugged GPSD version would
get thrown back almost 20 years. The Network Time Protocol (NTP) is responsible
in many cases to ensure that time is accurately kept. Various businesses and
organizations rely on these systems. Authentication mechanisms such as
Time-based One-Time Password (TOTP) and Kerberos also rely heavily on time. As
such, should there be a severe mismatch in time, users would not be able to
authenticate and gain access to systems.

The same would happen in cases where authentication relies on cookies. Websites
and services relying on expiring cookies do not respond favorably to cookies
from two decades in the future.

And speaking from experience, the last GPS week number reset to zero occurred on
April 6, 2019. Many GPS-enabled devices that were not properly designed to
account for the rollover event exhibited problems on that date. Other equipment
became faulty several months before or after that date, requiring software or
firmware patches to restore their function.


MITIGATION

Since the affected versions of GPSD are versions 3.20 through 3.22 users should
upgrade to version 3.23.1. Going back to older versions such as 3.19 and 3.20 is
not recommended since they are unsupported and had bugs. For organizations that
are using GPS appliances or rely on GPSD, it is recommended to check if GPSD is
being utilized anywhere in the infrastructure and check its corresponding
version. It is likely that an upgrade to GPSD will be required if no recent
upgrades were performed.

It is also good for system administrators to make a mental note of the date
October 24, 2021. If systems that had been authenticating normally start to have
authentication issues after the weekend, it could be due to a mismatched date
and time.

If you would like to be spared of this roll-back problem completely, the GPS
modernization program is adding new civilian signals to the GPS system.


PERSONAL NOTE

Should your system go back to 2002, can you instruct it to tell me to invest in
Bitcoin, please?


RELATED

SHARE THIS ARTICLE

--------------------------------------------------------------------------------

COMMENTS



--------------------------------------------------------------------------------

RELATED ARTICLES

--------------------------------------------------------------------------------

ABOUT THE AUTHOR

Pieter Arntz
Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four
languages. Smells of rich mahogany and leather-bound books.


Contributors


Threat Center


Podcast


Glossary


Scams


Write for Labs

CYBERSECURITY INFO YOU CAN'T DO WITHOUT

Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.



Imagine a world without malware. We do.

FOR PERSONAL

FOR BUSINESS

COMPANY

ABOUT US

CAREERS

NEWS AND PRESS

MY ACCOUNT

SIGN IN

CONTACT US

GET SUPPORT

CONTACT SALES

3979 Freedom Circle, 12th Floor
Santa Clara, CA 95054
One Albert Quay, 2nd Floor
Cork T12 X8N6
Ireland

   English
Legal
Privacy
Accessibility
Terms of Service


© 2021 All Rights Reserved

Select your language

 * English
 * Deutsch
 * Español
 * Français
 * Italiano
 * Português (Portugal)
 * Português (Brasil)
 * Nederlands
 * Polski
 * Pусский
 * 日本語
 * Svenska

Cybersecurity basics

Your intro to everything relating to cyberthreats, and how to stop them.