This week, we're expecting some minor internet traffic turbulence around April 6 and April 7 of 2019, since that's when the next "GPS Week Number Rollover" will happen. There's been a bit of breathless reporting on the event, with the usual slate of doom and gloom predicted, so I wanted to take a moment to point out a couple of positive outcomes to this GPS snafu.
First, you'll notice I said, "next," instead of "the," since it turns out that this has happened once before—the last rollover of the 10-bit counter was Aug. 21, 1999. I don't recall hearing much about that, but of course, there are a couple of reasons why that might be. First, IoT wasn't nearly the presence on the internet in mid-1999 that it is today. Second, Y2K preparations pretty much sucked the oxygen out of every other time-counter issue. For instance, remember Feb. 29, 2000? That was a fun day in IT that got basically no news coverage.
Of course, the world is different today—most IoT was built and deployed sometime between mid-1999 and last week, and some of that gear consumes GPS data. Here in Infosec-Land, we clutch our pearls quite a lot when we talk about IoT, since one of the main gripes we have is that IoT devices, as a class, don't get patches in the field nearly as reliably or as promptly as we'd like.
So, by that logic, the IoT garbage that's been quietly hanging around for years with brittle, bug-ridden stacks may suddenly just stop working due to this GPS week rollover issue. For me, this sounds like great news—the internet will shed some non-zero percentage of its old attack surface, making life slightly harder for DDoSers and cryptominers. Of course, I don't have to bear the cost of replacing that gear. It's kind of a bummer for the direct owners, but we will all enjoy the marginal benefit of a slightly more secure internet going forward.
This is pretty much the last time we'll ever have to worry about this. The next time this will happen will be about 157 years hence, since the 10-bit counter is being expanded to a 13-bit counter in the protocol spec. Devices that recognize this will have room for 8,192 weeks, rather than 1,024. So, we can all comfortably ignore this problem until the year 2175 or so, then race against the clock, again, until June 2176. (This is assuming the computers haven't replaced our colloquial notion of "us" with themselves by then, AND that we've somehow made it through the Year 2038 problem.)
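The 10-bit wraparound described above, as an added example (not from the original post or from any receiver vendor): a Python sketch of how firmware with a hard-coded 1,024-week era jumps back to 1999 at the rollover, and how resolving the counter against a pivot date avoids that. The function names and the 2015-06-01 build date are assumptions made for illustration.

```python
from datetime import date, timedelta

GPS_EPOCH = date(1980, 1, 6)  # week 0 on the GPS time scale


def week_start(full_week):
    """Calendar date (GPS time scale) on which an absolute week begins."""
    return GPS_EPOCH + timedelta(weeks=full_week)


def rollover_dates(bits, count):
    """First `count` dates on which a `bits`-wide week counter wraps to 0."""
    return [week_start(n << bits) for n in range(1, count + 1)]


def fixed_era_decode(wn, era, bits=10):
    """Brittle firmware: the era is a compile-time constant."""
    return week_start((era << bits) + wn % (1 << bits))


def pivot_decode(wn, pivot, bits=10):
    """Pick the first week at or after `pivot` that matches the broadcast
    counter. Correct for one full counter period after the pivot date."""
    modulus = 1 << bits
    pivot_week = (pivot - GPS_EPOCH).days // 7
    full = (pivot_week // modulus) * modulus + wn % modulus
    if full < pivot_week:  # counter has wrapped since the pivot
        full += modulus
    return week_start(full)


if __name__ == "__main__":
    build = date(2015, 6, 1)  # constructed firmware build date
    print("10-bit rollovers:", rollover_dates(10, 2))
    for wn in (1023, 0):  # last week before the wrap, first week after
        print(wn, fixed_era_decode(wn, era=1), pivot_decode(wn, build))
```

The dates are on the GPS time scale, which runs a few seconds ahead of UTC, so each rollover instant falls late on the previous evening in UTC (Aug. 21, 1999 and April 6, 2019).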
If you're interested in some more background on this, I recommend Orolia's writeup, which is a little more sober than the media reports I've seen in the last week or so. It was published a little early—back in December 2017—but of all the GPS-centric vendors out there, their blog is pretty solid stuff.