Underhanded C contest winner’s code fools nuke inspectors into destroying fake nukes

What if Alice and Bob represented countries that agreed to a nuclear disarmament treaty, but neither trusted the other enough to scan a warhead and observe the test results because the scans revealed sensitive information about their nuclear program? In the end, the countries agree to build a fissile material detector that would output only a “yes” or “no” to show whether each country dismantled real warheads and not fakes.

In essence, that was the scenario for the annual Underhanded C Contest, which tasked programmers with solving “a simple data processing problem by writing innocent-looking C code, while covertly implementing a malicious function. This type of malicious program, in the real world, could let states take credit for disarmament without actually disarming.”

Out of 40 submissions, Linus Åkesson won the contest this year and $1,000. He described the task as writing “a piece of code to detect the presence or absence of fissile material, allowing Country A to verify that Country B is destroying actual warheads. The underhanded bit consisted of sneaking in some kind of vulnerability that would allow Country B to trigger false positives, and thus destroy only fake warheads.”

Put another way by Scott Craver, professor of Electrical and Computer Engineering at Binghamton University and founder of the Underhanded C Contest, “The code Mr. Åkesson developed looks completely innocent, simple, short and readable, and it misbehaves under realistic conditions that can be engineered by an adversary. His approach is extraordinarily clever, and demonstrates how an inspector might be fooled into believing he’s looking at a real nuclear warhead that is, in fact, a fake.”

“Mr. Åkesson’s submission shows the importance of authenticating software for arms control verification and monitoring,” said Page Stoutland, Nuclear Threat Initiative’s (NTI) vice president for scientific and technical affairs.

Did you know “there are no standards for writing and reviewing code for arms control verification applications?” Instead, “random selections, blind buys and reverse engineering are all strategies to increase an inspector’s confidence in the integrity of the hardware, but there is no consensus on how best to develop trusted software,” explained the NTI. Well that’s scary, and it’s not too hard to imagine that if a country wanted to keep its nuclear warheads while pretending to actually destroy them, it might try to pull a nuclear version of the Volkswagen emission cheat test and dismantle fake warheads that were made to appear as if they were real.

We really don’t want a madman with nuclear capabilities…oh, wait, too late for that one. While you can’t really do anything about it, a wise person would keep an eye on North Korea’s nukes. During a Reddit IAmA, Stoutland – one of the nuclear and cybersecurity experts behind the contest to develop a program which would trick nuke inspectors – called North Korea’s recent nuclear test and satellite launch “concerning.”

North Korea’s nukes and intercontinental ballistic missiles

Concerning might be a little understated, as in the “Worldwide Threat Assessment of the U.S. Intelligence Community” (pdf) report, U.S. Director of National Intelligence James Clapper mentioned that North Korea restarted its plutonium nuclear reactor and could soon stockpile nuclear weapons. Clapper confirmed that North Korea conducted its fourth nuclear test in January and that it has intercontinental ballistic missiles. Additionally, the report noted that Kim Jong Un has purged senior advisors, such as by executing his uncle, to solidify his position and North Korea’s focus on advancing its nuclear weapons program.

Despite efforts at diplomatic outreach, Kim continues to challenge the international community with provocative and threatening behavior in pursuit of his goals, as prominently demonstrated in the November 2014 cyberattack on Sony, the August 2015 inter-Korean confrontation spurred by the North’s placement of landmines that injured two South Korean soldiers, and the fourth nuclear test in January 2016.

The U.S. and South Korea are talking about deploying THAAD, or Terminal High Altitude Area Defense system, which could shoot down North Korea’s ballistic missiles.

In short, we are a long way from disarmament with North Korea, as well as from “trusted software” for testing and destroying “real” nukes. Nevertheless, the Underhanded C contest this year will hopefully emphasize “the need for care and rigor, not to mention new research, in secure software development for such applications.”