Pontus Johnson, a professor at the Royal Institute of Technology in Stockholm, discovered a vulnerability in the universal Turing machine.
A Turing machine is an abstract executor (abstract computing machine). It was proposed by the English mathematician Alan Turing in 1936 to formalize the concept of an algorithm. A universal Turing machine is a Turing machine that can replace any Turing machine. As a rule, this term means the simplest, abstract model of a computer.
The vulnerability (CVE-2021-32471) exists due to the lack of an input validation mechanism. With its help, Johnson managed to run on the so-called the Minsky machine an arbitrary code using specially configured data.
As Pontus noted, the vulnerability cannot be exploited in real attack scenarios, since it affects the Minsky machine (or the so-called register machine) – a multi-tape Turing machine, introduced in 1967 by the co-founder of the University of Massachusetts Artificial Intelligence Laboratory, Marvin Minsky, and is the simplest computer.
Although the vulnerability has no use in the modern world, Johnson said, it raises an important question – at what stage in the creation of a computer can security features be implemented in it?
As the scientist noted, many experts believe that security should be taken into account at the very early stages of creating a computer. However, this approach is inapplicable to the Minsky machine, since all possible safety functions will be add-ons and it is impossible to include them in the machine itself.
Johnson said his research demonstrates that even the simplest computer is still vulnerable, and security cannot always be built in.
Let me remind you that I also talked about the Perfect encryption system presented by team of scientists from three countries.