Y2K38 Vulnerability Can Be Exploited Today in Vulnerable Systems

The author claims that the Y2K38 problem can already be exploited today in vulnerable systems that synchronize time in a way that an attacker can manipulate. They explain that many 32-bit systems accept external time sources (NTP, GPS, RTC sync, management APIs) and that forcing the time near or beyond the overflow limit can compromise authentication, certificate validation, logs, and replay protection. Embedded devices, OT (Operational Technology), and IoT systems are particularly at risk because they often use 32-bit Linux/RTOS systems that are rarely updated and accessible over the internet.