Many people are aware of the dangers of missed punctuation as is highlighted by the campaign “Use commas. Don’t be a psycho.”. This is graphically illustrated by the accompanying statement “I like cooking my family and pets”. What the public may not be aware of are the extreme dangers of similar missing punctuation in computer code. Certainly, developers at Apple have been reminded of this with the revelation last week of a bug that makes the secure communication of all of Apple’s devices fail and if exploited, all transactions and conversations visible to attackers.
Apple issued a fix for its mobile devices on Friday but is yet to fix the issue on its laptops. For the time being, Mac users can mitigate some of the risk by using Firefox or Chrome instead of Safari.
Although fairly disastrous for users, the bug has proved a major embarrassment for Apple, especially so when it became known that the bug was caused by an unintended slip of grammar by an Apple developer.
Computer code is written in various languages that follow rules of grammar in much the same way as any spoken language does. Like a spoken language, computer languages like “C” and “C++” and Apple’s favourite “Objective-C”, use braces “{” and “}” to mark the beginning and end of statements that should be treated together.
What happened with the bug that the Apple developer introduced is that the programmer didn’t use any braces for a piece of code that looked something like:
[1] if (certificate check is not valid)
[2] goto fail;
[3] goto fail;
[4] if (next certificate check is not valid)
[5] goto fail;
The problem lies with the line of code [3], the extra “goto fail”. It is a redundant line of code that was left in by error. The developer didn’t notice it because he or she wasn’t using braces - a convention that is allowed in coding in C if there is only 1 single line after the if statement [1]. Because of the fact that there wasn’t a brace, it looked like line [3] was part of the if statement but it wasn’t and would stop the check on line [4] from ever being run.
What the code should have looked like is this:
[1] if (certificate check is not valid) {
[2] goto fail;
[3] }
[3] goto fail;
[4] if (next certificate check is not valid) {
[5] goto fail;
[6] }
Developers commonly use what is called a “walk-through” to detect these types of errors. Each developer sits down with at least one, but usually, two other developers and they explain their code giving the group a chance to review the code and check it is doing what it should be doing.
This didn’t happen in this case and somewhat surprisingly, despite the code being publicly available, it hadn’t been picked up by any open source developers either. Adam Langlay, a Google developer and the person who explained the source code bug, maintained that a bug of this type was unlikely to happen at Google - but I’m personally not so sure. People are unreliable at spotting grammatical errors and this is why it is important to adopt practices that minimise the chances of those errors happening. It is possible to get the language compiler software (the software that converts the code into something the computer can run) to warn against these types of error, but by default it doesn’t have this option switched on.
It is not known whether anyone has exploited this bug yet but it seems unlikely that, despite claims, it was introduced deliberately for that purpose. Again, there are many ways that hackers can exploit users and subvert security without resorting to this type of unknown bug. In the meantime however, I guess Apple should be telling its developers “Use braces. Don’t be a psycho who puts all of our users at risk.”