The little thing behind Apple's big security slip-up

The bug that left Apple red-faced isn't as complex or virulent a beast as one might imagine. When it comes to writing code, a simple oversight can lead to a big problem.

Many people are aware of the dangers of missed punctuation, as highlighted in the campaign “Use commas. Don’t be a psycho.”, which is illustrated by the accompanying statement: “I like cooking my family and pets.” What the public may not be aware of are the extreme dangers of similar missing punctuation in computer code. Certainly, developers at Apple have been reminded of this with the revelation last week of a bug that made the secure communication of all of Apple’s devices fail and, if exploited, all transactions and conversations visible to attackers.

Apple issued a fix for its mobile devices on Friday but not for laptops until yesterday.

Although fairly disastrous for users, the bug has proved a major embarrassment for Apple, especially when it became known that the bug was caused by an unintended slip of grammar by an Apple developer.

Computer code is written in various languages that follow rules of grammar in much the same way as any spoken language does. Like a spoken language, computer languages like “C” and “C ” and Apple’s favourite “Objective-C”, use braces “{“ and “}” to mark the beginning and end of statements that should be treated together.

What happened with the bug that the Apple developer introduced is that the programmer didn’t use any braces for a piece of code that looked something like:

[1] if (certificate check is not valid)
[2] goto fail;
[3] goto fail;
[4] if (next certificate check is not valid)
[5] goto fail;

The problem lies with the line of code [3], the extra “goto fail”. It is a redundant line of code that was left in by error. The developer didn’t notice it because he or she wasn’t using braces – a convention that is allowed in coding in C if there is only one single line after the if statement [1]. Because of the fact that there wasn’t a brace, it looked like line [3] was part of the if statement – but it wasn’t, and would stop the check on line [4] from ever being run.

What the code should have looked like is this:

[1] if (certificate check is not valid) {
[2] goto fail;
[3] }
[3] goto fail;
[4] if (next certificate check is not valid) {
[5] goto fail;
[6] }

Developers commonly use what is called a 'walk-through' to detect these types of errors. Each developer sits down with at least one (but usually two) other developer and explains their code, giving the group a chance to review it and check it's doing what it should be doing.

That didn’t happen in this case and, somewhat surprisingly despite the code being publicly available, it hadn’t been picked up by any open source developers either. Adam Langlay, a Google developer and the person who explained the source code bug, maintained that a bug of this type was unlikely to happen at Google – but I’m personally not so sure. People are unreliable at spotting grammatical errors and this is why it is important to adopt practices that minimise the chances of those errors happening. It is possible to get the language compiler software (the software that converts the code into something the computer can run) to warn against these types of error, but by default it doesn’t have this option switched on.

It is not known whether anyone has exploited this bug yet but it seems unlikely that, despite claims it was introduced deliberately for that purpose. Again, there are many ways that hackers can exploit users and subvert security without resorting to this type of unknown bug. In the meantime, however, I guess Apple should be telling its developers: “Use braces. Don’t be a psycho who puts all of our users at risk.”

David Glance does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

The Conversation

This article was originally published on The Conversation. Read the original article.

Related Articles