The Underhanded C Contest
- The 2015 Underhanded C Contest results were announced, with the winner and runners-up recognized for their submissions.
- The challenge was a real-world nuclear verification problem sponsored by the Nuclear Threat Initiative.
- Many submissions used NaN poisoning attacks, in which a floating-point NaN value makes comparisons evaluate to false.
- A live Reddit AMA was scheduled for February 9th to discuss the contest and its implications.
- Submissions were judged on realism, with data-triggered attacks preferred over environment-triggered ones.
- Runners-up included entries using NaN bugs, memory leaks, and clever negative-number tricks.
- The winning entry by Linus Åkesson exploited a type confusion between float_t and double precision.
- This confusion caused the program to misinterpret spectral data, allowing a host country to cheat without detection.
- The attack is realistically achievable, uses standard code, and exploits integer counts in floating-point representation.
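
The NaN poisoning behaviour mentioned above, shown as a fail-open comparison beside a fail-closed one for code reviewers. This is an added example, not a contest entry or code from the original page; the function names, the squared-distance metric, the threshold and the sample spectra are all constructed for illustration.

```c
#include <math.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: a reference, a clear mismatch, and the same
   mismatch with one bin replaced by NaN. */
static const double REF[4]      = {10.0, 20.0, 30.0, 40.0};
static const double MISMATCH[4] = {10.0, 90.0, 30.0, 40.0};
static const double POISONED[4] = {10.0, 90.0, NAN,  40.0};

/* Fail-open: "reject if the distance exceeds the threshold". One NaN bin makes
   dist NaN, `dist > threshold` is false, and the function reports a match. */
int match_naive(const double *test, const double *ref, size_t n, double threshold)
{
    double dist = 0.0;
    for (size_t i = 0; i < n; i++) {
        double d = test[i] - ref[i];
        dist += d * d;
    }
    if (dist > threshold)
        return 0;
    return 1;
}

/* Fail-closed: reject non-finite inputs, and accept only when the positive
   condition `dist <= threshold` is proven true (false for NaN). */
int match_checked(const double *test, const double *ref, size_t n, double threshold)
{
    double dist = 0.0;
    if (!isfinite(threshold) || threshold < 0.0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (!isfinite(test[i]) || !isfinite(ref[i]))
            return 0;
        double d = test[i] - ref[i];
        dist += d * d;
    }
    return isfinite(dist) && dist <= threshold;
}

int main(void)
{
    printf("naive:   mismatch=%d poisoned=%d\n",
           match_naive(MISMATCH, REF, 4, 100.0), match_naive(POISONED, REF, 4, 100.0));
    printf("checked: mismatch=%d poisoned=%d\n",
           match_checked(MISMATCH, REF, 4, 100.0), match_checked(POISONED, REF, 4, 100.0));
    return 0;
}
```

Build code like this without `-ffast-math`: that option lets the compiler assume NaN never occurs and may optimize the `isfinite` checks away.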