The tiny bits of code that can wreck computers
Some dangerous bits of code come in surprisingly small sizes. But just a few bytes can be enough to wreck computers and even bring a warship to a standstill.
One of the best programming jokes – and there are plenty to choose from – goes like this: Why did the programmer die in the shower? Because the shampoo bottle said, “Lather, rinse, repeat”. Don’t get it? It’s what’s known as an infinite loop. The programmer, following scrupulously clear orders, simply “repeats” the cycle of instructions over and over again – until death. Think that’s nonsensical? Computers have been tricked into loops like this for years.
In fact, it’s a classic kind of “fork bomb” attack – which means getting a computer to use up its resources in a way that renders it unusable. A fork bomb can be a very succinct string of just a few characters.
As one user explains online, in some computer languages this small collection of characters defines a meaningless function and then asks the computer to perform it again and again. The computer won’t ask why – it will just do as it is told. But don’t try running the code at home, it could severely slow your system down or even cause a crash.
In 2013, University of Cambridge researchers estimated that computer bugs cost the global economy $312bn (£241bn) every year. Even little bugs can be expensive – a misplaced line of code can render warships immobile, for example. How, exactly, is it possible for these miniscule bits of code to wreak such havoc?
“Computers follow a set of instructions they are given – but they follow them with literal mindsets, they follow them to the letter,” says Ben Liblit, a computer scientist at the University of Wisconsin-Madison.
“They have no common sense to fall back on.”
Why are infinite loops even possible? The answer, Liblit notes, is that it’s often extremely useful for computers to loop over data many thousands or even millions of times. That way they can perform tasks in an instant that would be tedious and time-consuming for humans – such as editing a huge list of names to make sure the first letter is capitalised, for example. There’s no fundamental limit on how many times a loop can be performed, which means they can in theory – and in practice – go on until the computer can no longer cope.
The first documented case of a fork bomb causing problems goes way back to 1978. Similar to the example above, this involves a short program – nicknamed “wabbit” – making copies of itself ad infinitum.
Code like this, a form of malware, could get onto a victim’s computer after being disguised as an innocent-looking file and sent as an email attachment. If the victim were to download and run the file, then the waiting fork bomb might be unleashed.
It’s also possible to make zipped folders that, when unzipped, will continue unzipping more and more internal files, according to Mikko Hypponen, a cybersecurity expert at F-Secure. This is known as a “zip bomb” and one well-known example is just 42 bytes in size prior to unzipping. It can be used to entirely fill a hard-drive with data or disable anti-virus programs that unpack the files and use up their memory in the process.
In 2014, a serious flaw in computer software that encrypts sensitive data on the web was found. Known as Heartbleed, the bug could let attackers spy on data that should have been private, such as passwords or credit card details. But as Alan Woodward at the University of Surrey notes, the code that launched the attack was tiny – just four bytes.
For malicious hackers, the fact that some disruptive code can be packaged into small spaces has proved useful in recent times. In 2010, for example, a “Twitter virus” was reported that caused popup windows to open. All that a user needed to do was move their mouse cursor over one of the problem tweets when browsing on twitter.com. Even the official Twitter account for the White House was briefly affected.
Another cybersecurity expert who is used to finding surprisingly diminutive bits of hostile programming is Steve Lord at Mandalorian. A recent example he says he’s been working on involves inserting malicious code into single packets of data – the small chunks that are sent between computers via the internet. It’s quite a complex bug, but it allows attackers to disable secure connections known as virtual private networks (VPNs).
Perhaps the smallest bit of code that has caused a silicon slip-up is this: “0”. Dividing by zero gives an indeterminate number, which computers can't handle.
As Lord points out, that’s exactly what happened to the USS Yorktown warship in September 1997. A zero was put in the wrong place in one of the many programs running on board, but the resulting error caused the entire ship to shut down while out on manoeuvres. It had to be towed back to port.
“Thank goodness it didn’t happen in combat,” says Lord.
Lord also points to Tiny Banker – a piece of malware that infects computer users’ browsers and can copy their log-in details whenever they try to access their online bank account. It’s 20,000 bytes in size and has affected thousands of systems worldwide.
“In terms of Windows programs, it’s ridiculously small,” says Lord.
None of this is to suggest that computers are fundamentally prone to errors – but it does reveal just how tricky an engineering challenge it is to protect them from malicious tinkering or internal hiccups. Lord suggests there is even something “beautiful” about the small virtual errors that can cascade into very real consequences. Although the US Navy might not agree.
As Liblit says, computers have a capacity to do whatever they’re doing in a ruthlessly consistent way – whether that’s beneficial or not. “Computers can do something useful and be systematically useful,” he says, “or be broken and be systematically broken.” At least, in most cases, you can always turn it off and on again.
––
Join 700,000+ Future fans by liking us on Facebook, or follow us on Twitter, Google+, LinkedIn and Instagram.
If you liked this story, sign up for the weekly bbc.com features newsletter, called “If You Only Read 6 Things This Week”. A handpicked selection of stories from BBC Future, Earth, Culture, Capital, Travel and Autos, delivered to your inbox every Friday.