Experts from the Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (DHS CISA) warned that GPS devices could run into problems over the coming weekend due to a bug in the GPS Daemon. This is a temporary error affecting Network Time Protocol (NTP) servers with a GPS Daemon (GPSD) on board.
CISA says that the error will manifest itself on Sunday, October 24, 2021, and its consequences are unpredictable. It is possible that many systems will simply stop responding or become unavailable. The fact is that on October 24, 2021, all Network Time Protocol (NTP) servers using GPSD versions 3.20 to 3.22 will go back 1024 weeks, to March 3, 2002.CURRENT ACTIVIY: On October 24, 2021, Network Time Protocol servers using bugged GPSD versions 3.20-3.22 may rollback the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive. Learn more: https://t.co/hlpdQviDJm pic.twitter.com/rlZMu1QGoj
— Cybersecurity and Infrastructure Security Agency (@CISAgov) October 22, 2021
The vulnerable versions of GPSD were reportedly released between December 31, 2019 and January 8, 2021, so many vulnerable GPS devices are still in use. The bug is somewhat similar to the famous “Y2K problem“, and so far no one can say for sure what kind of failures problem devices will face.
CISA urges device owners and operators to urgently update GPSD to version 3.23 released on 8 August 2021 or newer to avoid potential problems.
Bleeping Computer says that GPSD is a widely used service daemon that converts time data into useful information for client applications such as navigators and timekeeping solutions. Available for Linux, Unix, macOS and Android, this cross-platform open-source software is widely used in computers, phones, cars, robots, transaction verification systems, and more.
Accurate timing is essential for GPS devices, and real-time tracking requires an accuracy of at least 100 nanoseconds. GPS satellites measure time in weeks and seconds during an active week.
Every 1024 weeks (about 20 years), a number rollover phenomenon occurs in the system due to an integer overflow, and as a result, the internal value of the week counter is reset to zero. This internal problem was eventually resolved with additional code to help the device anticipate this event.
The last time this happened was on April 6, 2019, and then, due to a bug, flights were cancelled, wireless networks crashed and technical problems arose on old smartphones. The publication notes that although this has nothing to do with the latest GPSD error, it helps to imagine what impact such abrupt time shifts of this kind can have on global positioning systems.
This does not necessarily happen on the coming weekend, but experts strongly recommend not to risk it, install updates, and otherwise be prepared for surprises.
Let me remind you that we also wrote that Millions of IoT Devices are at Risk due to Bugs Found in Realtek Wi-Fi SDK.
