What is GPS' 19 year rollover and does it present a cybersecurity issue?
$begingroup$
The NPR new item and audio podcast The Global Positioning System Resets talks about a 19 year cycling of something in the GPS system, but it's not clear what it is.
Every 19 years, the Global Positioning System resets a measure of time built into its program. The latest rollover is Saturday and NPR's Scott Simon asks cybersecurity expert Frank Cilluffo about it.
It's Y2K for GPS. The Global Positioning System was designed with a limit for the number of weeks it could count. Every 19 years, the program reaches that limit and the count resets. That happens tonight. What might happen tonight? Frank Cilluffo is director of the McCrary Institute for Critical Infrastructure Protection and Cyber Systems. He joins us now from the campus of Auburn University. Thanks so much for being with us.
- What is it exactly that cycles or "rolls over" every 19 years?
- Is it in any way analogous to y2k?
- Is there any cybersecurity issue associated with the rollover more subtle than GPS simply not working for some users? For example, is there some hacking potential associated with this moment?
gps gnss
asked 2 hours ago
uhohuhoh
40.5k18149511
$endgroup$
add a comment |
$begingroup$
The NPR new item and audio podcast The Global Positioning System Resets talks about a 19 year cycling of something in the GPS system, but it's not clear what it is.
Every 19 years, the Global Positioning System resets a measure of time built into its program. The latest rollover is Saturday and NPR's Scott Simon asks cybersecurity expert Frank Cilluffo about it.
It's Y2K for GPS. The Global Positioning System was designed with a limit for the number of weeks it could count. Every 19 years, the program reaches that limit and the count resets. That happens tonight. What might happen tonight? Frank Cilluffo is director of the McCrary Institute for Critical Infrastructure Protection and Cyber Systems. He joins us now from the campus of Auburn University. Thanks so much for being with us.
- What is it exactly that cycles or "rolls over" every 19 years?
- Is it in any way analogous to y2k?
- Is there any cybersecurity issue associated with the rollover more subtle than GPS simply not working for some users? For example, is there some hacking potential associated with this moment?
gps gnss
asked 2 hours ago
uhohuhoh
40.5k18149511
$endgroup$
add a comment |
$begingroup$
The NPR new item and audio podcast The Global Positioning System Resets talks about a 19 year cycling of something in the GPS system, but it's not clear what it is.
Every 19 years, the Global Positioning System resets a measure of time built into its program. The latest rollover is Saturday and NPR's Scott Simon asks cybersecurity expert Frank Cilluffo about it.
It's Y2K for GPS. The Global Positioning System was designed with a limit for the number of weeks it could count. Every 19 years, the program reaches that limit and the count resets. That happens tonight. What might happen tonight? Frank Cilluffo is director of the McCrary Institute for Critical Infrastructure Protection and Cyber Systems. He joins us now from the campus of Auburn University. Thanks so much for being with us.
- What is it exactly that cycles or "rolls over" every 19 years?
- Is it in any way analogous to y2k?
- Is there any cybersecurity issue associated with the rollover more subtle than GPS simply not working for some users? For example, is there some hacking potential associated with this moment?
gps gnss
asked 2 hours ago
uhohuhoh
40.5k18149511
$endgroup$
The NPR new item and audio podcast The Global Positioning System Resets talks about a 19 year cycling of something in the GPS system, but it's not clear what it is.
Every 19 years, the Global Positioning System resets a measure of time built into its program. The latest rollover is Saturday and NPR's Scott Simon asks cybersecurity expert Frank Cilluffo about it.
It's Y2K for GPS. The Global Positioning System was designed with a limit for the number of weeks it could count. Every 19 years, the program reaches that limit and the count resets. That happens tonight. What might happen tonight? Frank Cilluffo is director of the McCrary Institute for Critical Infrastructure Protection and Cyber Systems. He joins us now from the campus of Auburn University. Thanks so much for being with us.
- What is it exactly that cycles or "rolls over" every 19 years?
- Is it in any way analogous to y2k?
- Is there any cybersecurity issue associated with the rollover more subtle than GPS simply not working for some users? For example, is there some hacking potential associated with this moment?
gps gnss
gps gnss
asked 2 hours ago
uhohuhoh
40.5k18149511
asked 2 hours ago
uhohuhoh
40.5k18149511
edited 1 hour ago
uhoh
asked 2 hours ago
uhohuhoh
40.5k18149511
asked 2 hours ago
uhohuhoh
40.5k18149511
asked 2 hours ago
uhohuhoh
40.5k18149511
40.5k18149511
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
$begingroup$
The field in the protocol that specifies the week number is a 10-bit value. In most computers, when an (unsigned) integer exceeds its maximum value, it wraps around to zero. This is roughly similar to Y2K, though is more like the upcoming year 2038 problem (but with weeks instead of seconds). This 10-bit value will wrap around, and the GPS system will hold the same time value as it held back in 1999.
Yes, this can cause some security issues. Many people use GPS signals as a way to tell time instead of its traditional use with geolocation. Accurate time is extremely important for security, such as for verifying that a certificate is valid and has not expired. If an operating system exclusively uses GPS to calibrate its internal clock, this rollover could, if handled improperly in firmware, result in certificate validation errors or even the failure to check for security updates. See also How important is local time for security?.
answered 1 hour ago
forestforest
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
1
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "508"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fspace.stackexchange.com%2fquestions%2f35362%2fwhat-is-gps-19-year-rollover-and-does-it-present-a-cybersecurity-issue%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
The field in the protocol that specifies the week number is a 10-bit value. In most computers, when an (unsigned) integer exceeds its maximum value, it wraps around to zero. This is roughly similar to Y2K, though is more like the upcoming year 2038 problem (but with weeks instead of seconds). This 10-bit value will wrap around, and the GPS system will hold the same time value as it held back in 1999.
Yes, this can cause some security issues. Many people use GPS signals as a way to tell time instead of its traditional use with geolocation. Accurate time is extremely important for security, such as for verifying that a certificate is valid and has not expired. If an operating system exclusively uses GPS to calibrate its internal clock, this rollover could, if handled improperly in firmware, result in certificate validation errors or even the failure to check for security updates. See also How important is local time for security?.
answered 1 hour ago
forestforest
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
1
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
add a comment |
$begingroup$
The field in the protocol that specifies the week number is a 10-bit value. In most computers, when an (unsigned) integer exceeds its maximum value, it wraps around to zero. This is roughly similar to Y2K, though is more like the upcoming year 2038 problem (but with weeks instead of seconds). This 10-bit value will wrap around, and the GPS system will hold the same time value as it held back in 1999.
Yes, this can cause some security issues. Many people use GPS signals as a way to tell time instead of its traditional use with geolocation. Accurate time is extremely important for security, such as for verifying that a certificate is valid and has not expired. If an operating system exclusively uses GPS to calibrate its internal clock, this rollover could, if handled improperly in firmware, result in certificate validation errors or even the failure to check for security updates. See also How important is local time for security?.
answered 1 hour ago
forestforest
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
1
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
add a comment |
$begingroup$
The field in the protocol that specifies the week number is a 10-bit value. In most computers, when an (unsigned) integer exceeds its maximum value, it wraps around to zero. This is roughly similar to Y2K, though is more like the upcoming year 2038 problem (but with weeks instead of seconds). This 10-bit value will wrap around, and the GPS system will hold the same time value as it held back in 1999.
Yes, this can cause some security issues. Many people use GPS signals as a way to tell time instead of its traditional use with geolocation. Accurate time is extremely important for security, such as for verifying that a certificate is valid and has not expired. If an operating system exclusively uses GPS to calibrate its internal clock, this rollover could, if handled improperly in firmware, result in certificate validation errors or even the failure to check for security updates. See also How important is local time for security?.
answered 1 hour ago
forestforest
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$endgroup$
The field in the protocol that specifies the week number is a 10-bit value. In most computers, when an (unsigned) integer exceeds its maximum value, it wraps around to zero. This is roughly similar to Y2K, though is more like the upcoming year 2038 problem (but with weeks instead of seconds). This 10-bit value will wrap around, and the GPS system will hold the same time value as it held back in 1999.
Yes, this can cause some security issues. Many people use GPS signals as a way to tell time instead of its traditional use with geolocation. Accurate time is extremely important for security, such as for verifying that a certificate is valid and has not expired. If an operating system exclusively uses GPS to calibrate its internal clock, this rollover could, if handled improperly in firmware, result in certificate validation errors or even the failure to check for security updates. See also How important is local time for security?.
answered 1 hour ago
forestforest
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 41 mins ago
answered 1 hour ago
forestforest
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 1 hour ago
forestforest
1214
answered 1 hour ago
forestforest
1214
1214
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
forest is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
1
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
add a comment |
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
1
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
$begingroup$
To double check, a GPS receiver unit without properly updated software (or firmware) could return a properly formatted yet incorrect value for GPS time, and this problem is independent of the quality of the geolocation data?
$endgroup$
– uhoh
6 mins ago
1
1
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
$begingroup$
@uhoh Correct. If that invalid time is used for purposes that require accurate time for security, this could result in a security issue.
$endgroup$
– forest
4 mins ago
add a comment |
Thanks for contributing an answer to Space Exploration Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fspace.stackexchange.com%2fquestions%2f35362%2fwhat-is-gps-19-year-rollover-and-does-it-present-a-cybersecurity-issue%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
