The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn

One of the bugs, known as ‘The Year 2038 problem’ and Y2K38, could cause computers to malfunction on January 19, 2038. The issue affects systems that use a 32-bit integer to store time as the number of seconds that have passed since the Unix epoch (January 1, 1970). A 32-bit signed integer variable has a maximum value of 2,147,483,647, which will be reached on January 19, 2038. When the number exceeds its limit and overflows, systems will interpret the date as a negative number, resetting it to December 13, 1901.

In the case of industrial control systems (ICS) and other operational technology (OT) systems used in critical infrastructure, a time-stamping error could lead to a chain reaction of failures, causing systems to crash, data to become corrupted, or safety protocols to fail, potentially leading to physical damage or risk to human life.

In addition, many cybersecurity systems rely on accurate time, including SSL/TLS certificates, logging and forensics solutions, and time-based authentication and access systems. Threat actors could exploit the Y2K38 bug to bypass security, cause system outages, cover their tracks, or to gain unauthorized access to systems.

Attackers could use various time manipulation methods such as GPS spoofing, NTP injection, file format field tampering, and protocol timestamp manipulation to set the time on a targeted system to the year 2036 or 2038 to trigger the bugs whenever they wish.

To read the complete article see: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn