LAS VEGAS — In 2038, the world will face a computer crisis greater than the "Y2K bug" of the year 2000, a prominent security researcher told the Black Hat security conference here yesterday (July 27).
Mikko Hypponen, chief research officer of the Finnish antivirus firm F-Secure, reminded the audience of hackers and corporate executives that the "Unix epoch" ends on Jan. 19, 2038. At that point, many modern computer systems will stop telling time, with a potentially catastrophic effect upon every aspect of society.
"Try changing your phone's calendar to 2039," Hyponnen said. "You can't."
The Unix epoch bug — which Hypponen half-jokingly referred to as the "Epochalypse" —will require massive rewriting of computer code and replacement of unfixable devices, and is only one of half-a-dozen digitally induced major societal changes that we will see in the next two decades.
Others involve robots fighting wars, self-driving cars making life-or-death decisions and self-programming computers writing software that humans can't understand.
Like many modern-day computer problems, the Unix epoch problem stems from a decision made long ago by programmers who never imagined that their choices would have consequences many decades in the future.
In this case, the system of counting time by computers running Unix, an operating system developed at Bell Labs during the early 1970s, was set to simply count individual seconds beginning at midnight Greenwich time on Jan. 1, 1970.
The time counter is a simple 32-bit system, meaning it has a maximum value of 2,147,483,647 — 2 to the 32nd power minus 1. That number of seconds since midnight on Jan. 1, 1970 can take us up to 3:14:07 a.m. Greenwich time on Jan. 19, 2038. One second after that, all clocks running Unix time will flip over and start counting upward from -2,147,483,647, which computers will recognize as Dec. 13, 1901.
The consequences may be immense. Most modern operating systems, including Linux, Android, macOS and iOS, are based on Unix or related software. (Windows is not.) Most "smart" devices, embedded devices and Internet of Things devices run some form of Linux. In a single moment two decades from now, many of them will switch from the mid-21st century to the first year of the 20th century.
"If something is described as 'smart,' then it's vulnerable," Hypponen said.
Banks may not be able to dispense money or make transactions. Cellphones may not be able to make calls. Your home alarm system may go nuts, or may not be able to tell if an intruder has broken in. GPS-based navigation systems, such as on aircraft, ships and road vehicles, may not be able to tell GPS receivers where they are.
"I remember spending the night of Dec. 31, 1999 on the phone with our partners, beginning with New Zealand, to make sure nothing happened," Hypponen said. "Yet [the Y2K bug] wasn't a dud. A tremendous amount of work went into fixing bugs in the months beforehand."
"And there were still problems, for example in healthcare computers in the UK," he added. "That led to 154 false positives sent to pregnant women about whether their fetuses had Down's syndrome. Some babies were aborted."
Work has already begun to update or replace systems vulnerable to the 2038 bug, but Hypponen said the task is immense, and we may never be able to get to all the systems before the date arrives.
"I guarantee we will run out of time to fix all the bugs regarding 2038," Hypponen said.
The 2038 bug is such a problem because computers have become pervasive in every aspect of modern society, Hypponen said. He pointed out that computers are now being used to write computer programs, and that at some point, they will become as good as humans at doing so.
"And then they will bypass us and skyrocket," he said.
A pivotal moment in machine-human interaction, Hypponen reminded the audience, was when the IBM supercomputer Deep Blue beat the chess champion Garry Kasparov in a match in 1997.
Yet, he said, "the smartphone in your pocket is probably 70 times more powerful than Deep Blue."
Likewise, Hypponen said, military drones are perfectly capable of piloting themselves and making decisions about whom to attack on the ground. We maintain remote human control only for "philosophical reasons," he said.
Hypponen began his presentation with a video showing a self-driving car about to hit a little girl as her father rushed out into the street from the other side to save her.
"Should the self-driving car drive over the father, or the daughter?" he asked. "I don't know.
"But it's now our problem, because everything runs on computers," he added, addressing the crowd of information-security professionals. "Your work is no longer just to secure computers. Your work is to secure society."