Rollover Bug in the GPS Daemon (GPSD) (27th October 2021)

Ref# AL2021_37 | Date: Oct 27th 2021

The Cybersecurity & Infrastructure Security Agency (CISA) has released a security alert warning owners and operators of infrastructure that relies on GPS time about a flaw in the GPS Daemon (GPSD), affecting GPSD versions 3.20 through 3.22.

Summary

For those who recall the “Y2K bug,” also known as the “millennium bug,” it was feared that in the year 2000 equipment linked to the internet would reset its clocks to an earlier time. In 2021 this is actually possible, owing to a defect discovered in GPS time-handling software that is capable of doing exactly that.

How it works

GPSD is a GPS service daemon for Linux, OpenBSD, Mac OS X, and Windows that collects data from GPS receivers and makes it available to computers through TCP port 2947. Android phones, drones, robot submarines, self-driving automobiles, manned military equipment, and a variety of other devices all have this capability.

Aside from your current location, GPS can also tell you where you are in time. To do this, the main civil GPS signal broadcasts the GPS week number as a 10-bit value with a maximum of 1023 weeks. This means that the week number carried in the signal resets to zero roughly every nineteen years and seven months.

However, echoing the millennium bug, a flaw in older GPSD versions could cause a rollback in time after October 23, 2021. The error stems from the code subtracting 1024 from the week number on October 24th, 2021, which causes Network Time Protocol (NTP) servers that use an affected GPSD version to roll time back to March 2002 instead of October 2021.
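The arithmetic behind the rollover described above, as an added worked example (this is not code from the alert or from the gpsd project): it computes the full and 10-bit GPS week numbers for a date, shows that subtracting 1024 weeks from the week that begins on October 24th, 2021 lands in March 2002, shows the conventional correct way to disambiguate the 10-bit field using a "not before" reference date such as a build date, and includes a monitoring check that flags a time source whose clock has slipped back by a whole number of rollover cycles. The function names and the reference dates passed in are this example's own choices.

```python
from datetime import date, timedelta

# Start of GPS week 0 (the GPS epoch).
GPS_EPOCH = date(1980, 1, 6)
WEEK_BITS = 10
WEEK_MODULUS = 1 << WEEK_BITS          # 1024 weeks per rollover cycle
ROLLOVER_DAYS = WEEK_MODULUS * 7       # 7168 days, roughly 19.6 years


def gps_week(d: date) -> int:
    """Full, unambiguous GPS week number for a calendar date."""
    return (d - GPS_EPOCH).days // 7


def broadcast_week(d: date) -> int:
    """The week number as carried in the 10-bit field: full week modulo 1024."""
    return gps_week(d) % WEEK_MODULUS


def week_to_date(week: int) -> date:
    """Calendar date on which a full GPS week begins."""
    return GPS_EPOCH + timedelta(weeks=week)


def resolve_week(truncated: int, not_before: date) -> int:
    """Disambiguate a 10-bit week field.

    Picks the smallest full week that (a) has the given low 10 bits and
    (b) is not earlier than `not_before` (typically the software build
    date or the last trusted time). The reference date supplies the
    rollover count; nothing is hard-coded for a particular cycle.
    """
    if not 0 <= truncated < WEEK_MODULUS:
        raise ValueError("truncated week must fit in 10 bits")
    floor_week = gps_week(not_before)
    candidate = (floor_week // WEEK_MODULUS) * WEEK_MODULUS + truncated
    if candidate < floor_week:
        candidate += WEEK_MODULUS      # the field has wrapped since the reference
    return candidate


def rollback_cycles(reported: date, expected: date) -> int:
    """How many rollover cycles a reported time lags the expected time.

    Returns 0 when the two agree to within a week, k > 0 when the reported
    time is about k * 1024 weeks in the past, and -1 when the gap is not a
    rollover multiple (some other fault, or the clock is ahead). Suitable
    as a sanity check on an NTP server that is fed by a GPS receiver.
    """
    gap_days = (expected - reported).days
    if abs(gap_days) < 7:
        return 0
    if gap_days < 0:
        return -1
    cycles, remainder = divmod(gap_days, ROLLOVER_DAYS)
    if remainder < 7:
        return cycles
    if remainder > ROLLOVER_DAYS - 7:
        return cycles + 1
    return -1


if __name__ == "__main__":
    trigger = date(2021, 10, 24)       # the date named in the alert
    full = gps_week(trigger)
    print(f"{trigger}: full week {full}, 10-bit field {broadcast_week(trigger)}")
    print("correct resolution from a 2021-01-01 build date:",
          week_to_date(resolve_week(broadcast_week(trigger), date(2021, 1, 1))))
    slipped = week_to_date(full - WEEK_MODULUS)
    print("after subtracting 1024 weeks (the described defect):", slipped)
    print("rollover cycles detected by the monitor:",
          rollback_cycles(slipped, trigger))
```

Running it shows that October 24th, 2021 is the first day of full week 2181, whose 10-bit field is 133; subtracting 1024 gives week 1157, which begins on 2002-03-10, the March 2002 date the alert mentions. The `rollback_cycles` check returns 1 for that pair, which is the signature an operator would want an alarm on.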

Remediation

It is recommended that users who have older versions of GPSD (3.20-3.22) update their GPS systems to the latest version, which is version 3.23.1.

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
PDF Download: Rollover Bug in the GPS Daemon.pdf
