How 1s and 0s Can Change Elections or Bring Down Planes
The Curious Phenomenon of Bit-Flips
Computer programming comes in many languages: Ruby, Python, JavaScript, Swift, etc. But, at their core, programming languages are just a (somewhat) more human-friendly version of binary. Binary, the 1s and 0s we are all familiar with, is a base-2 system. The two digits (0 and 1) represent a state of being—on and off, or positive and negative. Computer programming boils down to a representation of this system of binary characters, essentially a system of mathematics. Put another way, when building the first computers, it was simply easiest to limit the number of inputs to just two (positive or negative). And so far, that remains the way computers are built, though quantum computers’ base unit, the qubit, can exist in three states.
Programming languages emerged to ease the ability of programmers to give detailed instructions quickly; the computer then interprets them into the more tedious and lengthy output—the 0s and 1s. Earlier languages like machine code, typically referred to as low-level languages, required the programmer to code using commands very close to the binary level. This meant programmers often had to conduct a lot of mathematical computations, as their coding was typically done in octal, decimal or hexadecimal. These are similar to binary, but use a higher number base system, base-8, base-10 and base-16, respectively. High-level languages use abstractions, a method of executing commands without needing to know each specific component of the command. This allows the execution of large sets of commands without having to know where each 0 and 1 belongs. One computer programming tutorial described it as understanding what happens when you hit the brakes on a car without knowing the function of each spring or cylinder.
As computer systems still manage data through 0s and 1s, they remain subject to a phenomenon called a “bit-flip.” Like it sounds, a bit-flip is the change of the state of a bit from 0 to 1 or vice-versa. In most systems, bits are stored using floating gate transistors. Memory works by whether current can or cannot flow past these gates and through the transistor. A bit’s state (0 or 1) depends on whether the gate is charged or not. Current that can move through the gate has a state of 1, and when it cannot it is 0. Bit-flips occur when there is an uncalled-for change to the electrons within the transistor’s gates, causing a “flip” in the states of one or more bits. This happens as a result of hardware failures, extreme temperature, radiation, or high-energy proton exposure.
Naturally-caused bit-flips pose a significant threat to space missions. Shuttle and other space missions face an onslaught of cosmic rays. On Earth, the atmosphere breaks cosmic rays apart into cascades where they lose energy and wilt into lower energy, less dangerous particles. Even these subdued particles are capable of creating bit-flips, but it is an exceedingly rare event and thus of little concern for most computer users on the ground. In space, however, the risk is quite high because cosmic rays strike with full force. NASA must take into account both acute cosmic ray exposure as well as the long-term buildup of charged particles for any machine or astronaut it sends into space. As an example, NASA’s Hubble Telescope automatically turns its science instruments off when it passes through problematic radiation belts.
Back on Earth, while extraordinarily rare, naturally-induced bit-flips do seem to happen, though they tend to be much more of a problem for supercomputers and certain scientific experiments and processes. In perhaps the most famous case, an election in Belgium saw a change in the vote tally possibly as a result of a bit-flip. This happened in 2003, in one of their first national elections to tally votes by computer. The number by which the votes changed was curious—4,096—an exact power of 2 (2^12). Remember, binary is a base-2 system. After an extensive analysis, investigators could find no errors in the software. They concluded that “the error was most likely caused by a spontaneous and random inversion of a binary position.” It was never concretely confirmed that the underlying origin was a bit-flip caused by some cosmic event. In fact, one blogger noted in detail the very long odds that this could have occurred. Still, no other definitive answer was found.
Commercial aviation may be one of the most carefully tested and redundancy-driven consumer industries in history. Thus, when two Boeing 737 Max airplanes went down in 2018 and 2019, within a matter of months of each other, the industry went into a flurry to discover what had happened. Boeing’s 737 series is the highest selling commercial aircraft in history. Launched in April 1967, the aircraft has an extraordinary safety record, averaging nearly 6 million flights per fatal accident. Two crashes of a new generation of 737s, in such short proximity, indicated a serious problem with the latest rendition of this aircraft. Early reports suggested that the cause had to do with a newly implemented software system called the Maneuvering Characteristics Augmentation System, or MCAS.
MCAS was Boeing engineers’ solution to a problem caused by the placement of the Max’s new engines. The engines were repositioned on the wings because they were bigger, though more fuel-efficient, and slightly refined in shape compared with the previously used engines. Repositioned engines changed the aircraft’s aerodynamic handling, leading to a forced pitch-up position of the nose of the aircraft in certain flight conditions. MCAS was designed to implement an automated nose-down attitude to prevent the potential for an aerodynamic stall that could be caused by an inappropriately high angle of attack (the position of the aircraft’s tilt up or down). Investigators suspected that the MCAS caused an unexpected and un-commanded nose-down attitude that effectively forced the two accident aircraft into the ground.
An important fact emerged in the investigation of the Max crashes: Boeing’s automated flight control system’s software only used inputs from one computer to make corrections in the plane’s attitude. FAA engineers testing the system in a simulator discovered that bit-flipping 5 bits in the flight control computer’s microprocessor replicated the un-commanded upset seen in the two Max crashes. It should be noted that in one of the crashes—Lion Air JT610—numerous failures reportedly led to the crash and the cause was therefore not attributed to this bit-flip scenario. The factors that Ethiopia’s AIB attributed to the other crash, that of Ethiopian Airlines flight ET302, were strongly disputed by the US National Transportation Safety Board. Nonetheless, the FAA’s tests proved that despite the extremely improbable odds, an adverse flight event caused by a bit-flip could happen, and could create a similar scenario to what occurred in the two crashes, even though commercial aircraft are manufactured with this possibility in mind. Moreover, the higher a plane flies, the higher the chances that it will encounter an atmospheric event that could cause a bit-flip because the thinner atmosphere has less opportunity to send cosmic rays into less dangerous cascades. The faulty sensory input from a single sensor in the Lion Air crash, and the potential for a bit-flip-caused similar catastrophe, led Boeing to address this rather unusual non-redundant system in its 737 series, leading to enhanced safety in an already very safe aircraft. In other words, Boeing took the potential of a negative event occurring as a result of a bit-flip so seriously that it engaged in significant overhaul procedures to further prevent it.
A bit-flip may have caused an upset in an active flight that, fortunately, did not result in a crash. Trying to determine whether the cause of an event involves a cosmically-induced bit-flip is difficult because it is very hard to replicate. Regardless, in the case of Qantas Flight 72 from Changi Airport, Singapore to Perth, Australia in 2008, investigators could not find the reason behind numerous invalid ADR data spikes (ADR refers to air data reference, also called an air data computer—ADC). Unlike the Boeing 737 Max crashes, this incident involved an Airbus A330. The Airbus system designed to interpret the ADR data did not recognize the erroneous data spikes as invalid. As a result, after several flight system anomalies and warnings indicating contradictory conditions, the A330 suddenly pitched downwards and plummeted 650 feet (200 m) before pilots halted the descent. Investigators ultimately concluded that most of the system failures that could have triggered the events leading to the upset “were probably not associated with the data-spike failure,” but that there “was insufficient evidence available to determine whether SEE could have triggered the failure mode.” An SEE means a “Single Event Effect,” which is a technical term that can refer to a cosmic ray event. The investigation’s conclusion basically stated that the evidence suggested that a cosmic ray or other external event was the only cause they could not reasonably rule out.
So far, I have discussed what I previously termed as “natural” events. By this, I meant bit-flips occurring as a result of environmental factors. Researchers working together in Europe and the United States found that a bit-flip can also be purposely commanded and used as a vector of attack. In an attack called Plundervolt, the researchers planted malicious software on a target computer that temporarily reduced the voltage flow to a specific chip. With careful timing, the attack caused the chip to make computational errors resulting in a bit-flip. Targeting the bit-flip at a cryptographic computation enabled the researchers to decipher encrypted data and obtain the encryption key. Researchers from the University of Tsinghua in Beijing and the University of Maryland created a similar attack that focused on a different set of chips.
More complex attacks have been developed using bit-flipping as a strategy. One example is a Satisfiability (SAT) Bit-Flipping attack. Traditionally, SAT attacks (without the bit-flipping part) have been combatted by blocking mechanisms such as Logic Locking employing SARLock or Anti-SAT. Logic Locking uses a set of techniques to stop assaults on integrated circuitry to prevent IP piracy or reverse engineering. SARLock is a technique first proposed in 2016 to make it exponentially more difficult to steal the private keys involved in a Logic Locking scheme. The SAT Bit-Flipping technique, proposed in 2021, employs a relatively simple algorithm to set a random key value to one encrypted key in an integrated circuit, and a single bit-flipped value in the associated key pair. This is used to solve for the number of distinguished input patterns, thereby reducing the possible output values and decreasing the complexity created by SARLock and other techniques. With the assistance of a bypass attack, these input patterns are run against other encrypted values in the integrated circuit until each of the input-output pairs is confirmed correct by the activation of the integrated circuit. (Note, this is a very simplified explanation.) These researchers therefore successfully overcame hardware security intended to protect against piracy and counterfeiting in reasonable timeframes using bit-flipping.
Another method of attack involves using bit-flipping against domains. Big companies typically buy up dozens of domains similar to their primary domain to keep ill-intended folks from using them for criminal purposes. For example, Microsoft might buy the following:
Microsoft.com (the legitimate one)
M1crosoft.com
Micr0soft.com
Micros0ft.com
Mlcrosoft.com
When others purposely register domains very similar to legitimate ones, it is referred to as bitsquatting. That is, someone unassociated with the legitimate domain buys domains that are a single bit off of the legitimate one. Researcher Artem Dinaburg experimented with 31 bitsquatted domains over seven months and found that his domains received 52,317 DNS requests (which are requests sent to reconcile a URL with its associated IP address). Dinaburg’s test proved that with domains altered by a single bit, he could still receive thousands of DNS requests looking for the authentic IP address. This opens the door for attackers to use websites that look legitimate and successfully resolve DNS requests to trick users into providing information to the attacker or downloading malicious software. For regular users, the best defense against this is to confirm the spelling of the website they are seeking, and to avoid clicking on unsolicited links that come in emails or on social media.
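For defenders who want to know which names are a single bit away from a domain they own, the following added example (not from the article or from Dinaburg's research code) lists the one-bit neighbors of a name and flags them in a list of observed names. The function names and the sample list are assumptions made for illustration, and only the first label is flipped; look-alike swaps such as a digit for a letter are several bits away and are not matched by this check.

```python
import string

# Characters permitted in a hostname label (letters, digits, hyphen).
LDH = set(string.ascii_lowercase + string.digits + "-")

def bit_distance(a: str, b: str) -> int:
    """Count differing bits between two names; -1 if their lengths differ."""
    a, b = a.lower(), b.lower()
    if len(a) != len(b):
        return -1
    return sum(bin(ord(x) ^ ord(y)).count("1") for x, y in zip(a, b))

def bitsquat_variants(domain: str) -> set:
    """Valid names exactly one bit away from `domain`, flipping only the first label."""
    label, dot, rest = domain.lower().partition(".")
    variants = set()
    for i, ch in enumerate(label):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit))
            if flipped not in LDH:   # uppercase, punctuation, non-ASCII: no new hostname
                continue
            candidate = label[:i] + flipped + label[i + 1:]
            if candidate.startswith("-") or candidate.endswith("-"):
                continue             # labels cannot begin or end with a hyphen
            variants.add(candidate + dot + rest)
    return variants

def flag_bitsquats(observed, protected):
    """Return (observed, protected) pairs where the observed name is one bit off."""
    return [(name.lower(), legit) for name in observed for legit in protected
            if bit_distance(name, legit) == 1]

# Constructed sample of names, such as might be pulled from resolver or proxy logs.
OBSERVED = ["microsoft.com", "micposoft.com", "m1crosoft.com",
            "licrosoft.com", "example.org"]

if __name__ == "__main__":
    print(len(bitsquat_variants("microsoft.com")), "one-bit variants to register or monitor")
    for name, legit in flag_bitsquats(OBSERVED, ["microsoft.com"]):
        print(f"{name} is one bit away from {legit}")
    print("m1crosoft.com bit distance:", bit_distance("m1crosoft.com", "microsoft.com"))
```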
There are many other ways attackers use bit-flipping as an attack method: Flip Feng Shui (FFS), Cipher Block Chaining (CBC) attack, Long Range Wide Area Network (LoRaWAN) device attacks, and Rowhammer attacks.
Regular users of computers and phones really shouldn’t worry much about bit-flips. Naturally induced bit-flip events generally threaten large networks and particularly sensitive software. In an environment with these concerns, such as in large server farms or avionics software, engineers and computer scientists go to great lengths to reduce the possibility such an event can create a disruption. This includes shielding to prevent the occurrence in the first place. But, it also includes mitigation efforts such as software redundancy and validity confirmation in systems using multiple inputs (such as on airplanes). For people who may run into the extremely rare occurrence of a bit-flip on their personal device, the best response is simply to restart it—something you should do somewhat regularly anyway!
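The redundancy and validity confirmation described above can be sketched as a bitwise two-of-three vote over redundant copies of a value. This is an added example, not code from the article or from any avionics or election system; the tally of 514 is constructed, the function names are hypothetical, and the flipped bit is bit 12 to match the 4,096 discrepancy discussed earlier.

```python
def majority_vote(a: int, b: int, c: int) -> int:
    """Bitwise 2-of-3 vote: each output bit takes the value held by at least two copies."""
    return (a & b) | (a & c) | (b & c)

def flipped_bits(expected: int, observed: int) -> list:
    """Bit positions at which two copies of a value disagree."""
    diff = expected ^ observed
    return [i for i in range(diff.bit_length()) if (diff >> i) & 1]

def vote_and_diagnose(copies):
    """Return the voted value plus (copy index, flipped bit positions) for each outlier."""
    voted = majority_vote(*copies)
    faults = [(i, flipped_bits(voted, v)) for i, v in enumerate(copies) if v != voted]
    return voted, faults

# Constructed tally: 514 votes stored three times; copy 1 has bit 12 flipped (+4,096).
TALLY = 514
COPIES = [TALLY, TALLY ^ (1 << 12), TALLY]

if __name__ == "__main__":
    voted, faults = vote_and_diagnose(COPIES)
    print("voted value:", voted)
    for idx, bits in faults:
        print(f"copy {idx} disagrees at bit(s) {bits}, off by {COPIES[idx] - voted}")
    # Limit of the scheme: the same bit flipped in two copies outvotes the good one.
    print("two bad copies:", majority_vote(TALLY ^ 4096, TALLY ^ 4096, TALLY))
```

The vote masks a flip in any one copy, and independent flips in different copies at different bit positions, but it cannot recover when two copies carry the same error.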
***
I am a Certified Forensic Computer Examiner, Certified Crime Analyst, Certified Fraud Examiner, and Certified Financial Crimes Investigator with a Juris Doctor and a Master’s degree in history. I spent 10 years working in the New York State Division of Criminal Justice as Senior Analyst and Investigator. Today, I teach Cybersecurity, Ethical Hacking, and Digital Forensics at Softwarica College of IT and E-Commerce in Nepal. In addition, I offer training on Financial Crime Prevention and Investigation. I am also Vice President of Digi Technology in Nepal, for which I have also created its sister company in the USA, Digi Technology America, LLC. We provide technology solutions for businesses or individuals, including cybersecurity, all across the globe. I was a firefighter before I joined law enforcement and now I currently run a non-profit that uses mobile applications and other technologies to create Early Alert Systems for natural disasters for people living in remote or poor areas.