Epochalypse Project
Time Integrity & Epoch Rollover Risk
Raising awareness of the 2036–2038 rollovers — and fixing things while there's still time.

Public safety#

Why epoch-rollover risk is a public-safety problem, not only a reliability one — and how cybersecurity weaknesses let it be triggered on demand, today.

Assessment levels Observed empirical — directly measured or documented · Reported field — a credible report, not independently verified here · Suspected theoretical — expected on reasoning or precedent, not yet demonstrated · Unexamined evidence gap — no one has looked closely yet

Is this a cybersecurity issue, or also a public safety issue?#

It is both, and the two are connected. The reliability framing — "things might break" — undercounts what is actually at stake.

The cybersecurity dimension is underappreciated. If a system stores time in a bounded representation and accepts time from attacker-influenced sources, 2038-class behaviour can become analogous to a buffer overflow at the semantic layer: not corrupting memory layout, but corrupting temporal reasoning, and inducing undefined behaviour in decision logic. Time is a root of trust — it underpins validity windows, expiry checks, audit trails, replay prevention, and incident reconstruction — so corrupting time corrupts the guarantees built on top of it.

The public-safety dimension is more direct, and easy to miss. Time also underpins safety-critical functions: leak detection on fuel and chemical storage, monitoring and protection logic in power and water, signalling and onboard systems in transport, timing-dependent therapy and monitoring in medical devices. When time fails, these controls can degrade silently — a leak test that never completes, an alarm that stops firing — with no crash to draw attention to them. And the two dimensions meet: an attacker who can move a device's clock can induce a safety-relevant failure on demand, rather than waiting for 2038. That is why the work triages by how fast the human consequences of a failure arrive, with life-safety systems first.

Can attackers exploit this before 2038?#

Observed Potentially, yes. Time can be influenced today through NTP spoofing or manipulation, GPS/GNSS spoofing, and malformed or adversarial timestamps arriving through dependent systems. This is not hypothetical: a public study of the default time clients shipped with the major desktop operating systems found all of them vulnerable to time-shift manipulation, with shifts achieved in minutes to hours and billions of devices running the vulnerable defaults. Full-featured NTP clients fared better, and some clients cap how far the clock can be moved — so the realistic risk is meaningful shifts, not arbitrary jumps to any date.

This does not mean an attacker can "flip everything to 2038." It means time integrity is a cybersecurity boundary, and weak time synchronisation can turn timekeeping bugs into operational cybersecurity problems.

What are the real-world impacts?#

Suspected Impacts depend on where the failure occurs, but common classes include authentication failures (Kerberos tickets, domain trusts, tokens); certificate-validation failures (TLS, code signing, expiry checks); the collapse of logging and forensics as time stops being coherent; scheduler and automation failures, where jobs misfire, defer forever, or loop; data corruption as timestamps overflow in databases and pipelines; and cascading failures, where bad timestamps propagate through APIs, logs, and synchronisation.

The crucial question is blast radius: does the failure stay local, or cascade through dependencies?

Explore more