Published in News

Boffins find Zero day for Universal Turing Machine

by on17 May 2021

Takes a couple of days to run

A computer science professor from Sweden has discovered an arbitrary code execution vulnerability in the Universal Turing Machine, one of the earliest computer designs in history.

Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, Sweden said that the discovery had absolutely no real world implications as these days Universal Turing Machines are a little rare.

In a paper published on academic repository ArXiv, Johnson said that the zero-day pertained specifically to the 1967 implementation the simulated Universal Turing Machine (UTM) designed by the late Marvin Minsky, who co-founded the academic discipline of artificial intelligence.

The Minsky specification describes a tape-based machine that reads and executes very simple programs from a simulated tape. Instructions on the tape move the simulated tape reader head left or right across the "tape" itself, which is represented as a one-line alphanumeric string. While users can make inputs at the start of the tape, in the UTM model they're not supposed to alter the program that follows.

Security, if you could call it that, for UTM consists of a single digit that tells the machine "user input ends here, everything after this point is executable with the parameters you've just read".

Johnson's exploit was as simple as writing that "input ends here" character in the user input field and then writing his own program after it. The UTM executes that and skips past the intended program. This is like a prototype SQL injection. 

He said that if the Universal Turing Machine was the mother of all computers, then it seems to him that you cannot build security in from the start.


Last modified on 17 May 2021
Rate this item
(1 Vote)