By Michael Mimoso | Oct. 28, 2021

GPSD—an open-source service daemon that collects time data from global positioning systems and translates it for GPS-reliant devices and applications—lived a relatively obscure life for decades until last week.


A bug disclosed to the maintainers of GPSD months ago, and patched in an update made available in August, threatened to roll back time for users on Oct. 24 to March 2002. The risks from this Y2K-like event could have had widespread impact given GPSD's prevalence in many mobile embedded systems, as well as drones, robot submarines, driverless cars, recent generations of manned aircraft, marine navigation systems, and military vehicles. GPSD is also used in industrial applications, such as flow meters on pipelines.

The bug could have rolled back time on GPSD-reliant devices by 1,024 weeks, almost 20 years. Such an event could have affected data integrity in systems that depend on timestamps, for example. Some sensors transmit data regularly and are part of larger systems that take actions based on sensor readings.
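A check that a system consuming timestamped sensor data could run to catch this kind of jump is sketched below. It is an added example, not code from GPSD or Claroty; the function names, the one-day tolerance and the sample readings are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

ROLLBACK = timedelta(weeks=1024)  # jump size stated in the article
TOLERANCE = timedelta(days=1)     # assumed slack for gaps between readings

def classify(last_good, current):
    """Label the step from the last trusted timestamp to the current one."""
    delta = current - last_good
    if delta >= timedelta(0):
        return "ok"
    if abs(-delta - ROLLBACK) <= TOLERANCE:
        return "rollback-1024w"
    return "backwards"

def audit(readings):
    """Return (index, verdict, corrected_time) for every suspicious reading.

    Each reading is compared with the last timestamp accepted as good, so a
    whole run of rolled-back readings is flagged, not only the first one.
    The first reading is trusted; seed it from a known-good clock in practice.
    """
    findings, last_good = [], None
    for i, (ts, _value) in enumerate(readings):
        verdict = "ok" if last_good is None else classify(last_good, ts)
        if verdict == "ok":
            last_good = ts
            continue
        # Only a jump matching the 1,024-week signature gets a proposed fix.
        corrected = ts + ROLLBACK if verdict == "rollback-1024w" else None
        findings.append((i, verdict, corrected))
    return findings

def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)

# Constructed sample: (timestamp, flow reading) pairs from a hypothetical meter.
SAMPLE = [
    (utc(2021, 10, 23, 23, 50), 4.1),
    (utc(2021, 10, 24, 0, 0), 4.2),
    (utc(2002, 3, 10, 0, 10), 4.2),   # rolled back by 1,024 weeks
    (utc(2002, 3, 10, 0, 20), 4.3),   # still rolled back
    (utc(2021, 10, 24, 0, 30), 4.3),
    (utc(2021, 10, 24, 0, 25), 4.4),  # ordinary out-of-order reading
]

if __name__ == "__main__":
    for index, verdict, corrected in audit(SAMPLE):
        print(index, verdict, corrected)
```

Readings flagged as `backwards` are reported without a proposed correction, since only a jump that matches the 1,024-week signature can be attributed to this bug.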

In this episode of Claroty’s Aperture Podcast, GPSD principal maintainer Gary E. Miller joins to discuss the bug.

During the discussion, Gary covers:

  • An in-depth discussion about GPSD’s development and usage
  • Why the bug was in the codebase
  • Potential impacts to the various use cases for GPSD
  • Why changes to the planet that affect time itself helped to blunt the impact of this vulnerability
  • Some of the management challenges that surround open-source projects
