Pontus Johnson, a professor at the Royal Institute of Technology in Stockholm, discovered a vulnerability in the universal Turing machine.
A Turing machine is an abstract executor (abstract computing machine). It was proposed by the English mathematician Alan Turing in 1936 to formalize the concept of an algorithm. A universal Turing machine is a Turing machine that can replace any Turing machine. As a rule, this term means a computer’s most straightforward, abstract model.
The vulnerability (CVE-2021-32471) exists due to the lack of an input validation mechanism. With its help, Johnson managed to run an arbitrary code on the so-called Minsky machine using specially configured data.
As Pontus noted, the vulnerability cannot be exploited in real attack scenarios since it affects the Minsky machine (or the so-called register machine) – a multi-tape Turing machine, introduced in 1967 by the co-founder of the University of Massachusetts Artificial Intelligence Laboratory, Marvin Minsky, and is the most straightforward computer.
Although the vulnerability has no use in the modern world, Johnson said, it raises an important question – at what stage can security features be implemented in the creation of a computer?
As the scientist noted, many experts believe that security should be considered at the very early stages of creating a computer. However, this approach is inapplicable to the Minsky machine since all possible safety functions will be add-ons, and it is impossible to include them in the device itself.
Johnson said his research demonstrates that even the most straightforward computer is still vulnerable, and security cannot always be built-in.
Let me remind you that I also talked about the Perfect encryption system presented by team of scientists from three countries.
When I’d read about this on ArXiv, I didn’t know it had a CVE assigned to it. That’s hilarious…