CISA: GPS devices may behave unpredictably in the coming days due to a bug in the GPS Daemon

Written by Emma Davis

Experts from the Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (DHS CISA) warned that GPS devices could run into problems over the coming weekend due to a bug in the GPS Daemon. This is a temporary error affecting Network Time Protocol (NTP) servers with a GPS Daemon (GPSD) on board.

CISA says that the error will manifest itself on Sunday, October 24, 2021, and that its consequences are unpredictable. Many systems may simply stop responding or become unavailable, because on October 24, 2021, all Network Time Protocol (NTP) servers using GPSD versions 3.20 to 3.22 will jump back 1024 weeks, to March 3, 2002.

The vulnerable versions of GPSD were reportedly released between December 31, 2019 and January 8, 2021, so many vulnerable GPS devices are still in use. The bug is somewhat similar to the famous “Y2K problem”, and so far no one can say for sure what kind of failures affected devices will face.

“The Network Time Protocol (NTP) is critical to providing accurate time tracking across the various systems that businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password (TOTP) and Kerberos are also highly time-dependent. In the case of a serious timing discrepancy, users will not be able to authenticate and access the systems,” says the SANS ISC description.

CISA urges device owners and operators to update GPSD to version 3.23 (released on 8 August 2021) or newer as soon as possible to avoid potential problems.

Bleeping Computer says that GPSD is a widely used service daemon that converts time data into useful information for client applications such as navigators and timekeeping solutions. Available for Linux, Unix, macOS and Android, this cross-platform open-source software is widely used in computers, phones, cars, robots, transaction verification systems, and more.

Accurate timing is essential for GPS devices, and real-time tracking requires an accuracy of at least 100 nanoseconds. GPS satellites express time as a week number plus the number of seconds elapsed in the current week.

Every 1024 weeks (about 20 years), a number rollover phenomenon occurs in the system due to an integer overflow, and as a result, the internal value of the week counter is reset to zero. This internal problem was eventually resolved with additional code to help the device anticipate this event.
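An added example (not gpsd's code and not from the original article) of the two ideas above: expanding the 10-bit week counter against a date known to be in the past, which is one common way for software to anticipate the rollover, and a monitoring check that flags a time source sitting a whole number of 1024-week periods away from an independent reference clock. The function names, the floor date, the five-minute tolerance and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)  # start of GPS week 0
ROLLOVER = timedelta(weeks=1024)  # span covered by the 10-bit week counter


def resolve_week(week10: int, floor: datetime) -> int:
    """Expand a 10-bit broadcast week number to a full week count.

    `floor` is a date known to be in the past (assumed here: the software
    build date). The result is the first candidate week not before it.
    """
    floor_week = (floor - GPS_EPOCH) // timedelta(weeks=1)
    week = (floor_week & ~0x3FF) | (week10 & 0x3FF)
    if week < floor_week:
        week += 1024  # the counter wrapped after the floor date
    return week


def rollover_offset(reported: datetime, reference: datetime,
                    tolerance: timedelta = timedelta(minutes=5)) -> int:
    """Return n if `reported` is n * 1024 weeks away from `reference`
    (negative means in the past). Return 0 if the clocks agree or the
    offset is not a whole number of rollover periods."""
    delta = reported - reference
    n = round(delta / ROLLOVER)
    if n != 0 and abs(delta - n * ROLLOVER) <= tolerance:
        return n
    return 0


if __name__ == "__main__":
    # Constructed sample values: an independent reference clock and a
    # GPS-derived time source that has slipped back one rollover period.
    reference = datetime(2021, 10, 24, 0, 0, 0, tzinfo=timezone.utc)
    reported = reference - ROLLOVER + timedelta(seconds=2)
    n = rollover_offset(reported, reference)
    if n:
        print(f"ALERT: time source is off by {n} x 1024 weeks ({reported})")
    full = resolve_week(2180 % 1024, datetime(2021, 1, 1, tzinfo=timezone.utc))
    print("truncated week", 2180 % 1024, "resolves to", full)
```

Run the offset check against a clock that does not depend on the same GPS receiver, otherwise both sides shift together and the comparison shows nothing.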

The last time this happened was on April 6, 2019, when, due to a bug, flights were cancelled, wireless networks crashed and technical problems arose on old smartphones. The publication notes that although this has nothing to do with the latest GPSD error, it helps to imagine what impact abrupt time shifts of this kind can have on global positioning systems.

This will not necessarily happen this coming weekend, but experts strongly recommend not taking the risk: install updates and be prepared for surprises.

Let me remind you that we also wrote that Millions of IoT Devices are at Risk due to Bugs Found in Realtek Wi-Fi SDK.
