The cybersecurity of the Terminator

October 28, 2019

The latest Terminator movie is set to hit the big screen. According to its creators, its plot is a continuation of the seminal Terminator 2: Judgment Day, with all installments in-between relegated to an alternative branch of reality. In general, the idea of an AI rebellion is clearly an information security problem, so we decided to examine the movie’s cyberlandscape. Our focus will be on the first two films in the franchise.

The Terminator

Let’s get this out of the way: We have no issues with the Terminator itself. The metalhead strictly follows its programming and displays savvy and flair in tracking down Sarah Connor. Keep in mind that the first movie was released way back in 1984. In those days, computers were not as widespread as they are now, so from our perspective, the most interesting part is the final fight scene with the cyborg.

With hindsight, we find it remarkable that no one considered information systems security when designing the unnamed industrial enterprise. The facility where the expensive machines work has no protection whatsoever. The door to the premises from the street is made of glass. There is no security. The door to the production unit where the industrial robots are located has no lock — only a bolt on the inside. And the computers and control panels are right beside the entrance.

Also, in a bit of (intentional or not) product placement, by the entrance we get a clear shot of a control unit for the FANUC robot S-Model 0, Series F30, EDITION 005, manufactured by GMF Robotics. On eBay you can find documentation for this device (marked “For GMF internal use”), which can be used to learn how to sabotage the production process. Obviously, back in 1984 it would have been harder to get hold of such documentation. Then again, Kevin Mitnick managed to obtain far more secret information.

Slightly modifying the computer settings can achieve a lot — from sabotaging the workflow and bringing down the production unit, to adjusting the technological process to wreck the end product or cause it to fail during operation.

Terminator 2

In the second movie, we see far more computers and information systems — it’s 1991, after all. But that also means more security issues. Let’s start with the fact that somewhere off-screen, in the future, the rebels have reprogrammed the cyborg. It’s not clear why Skynet didn’t anticipate and block such a violation. But let’s proceed step by step.

Police car computer

An early scene shows how the liquid-metal terminator takes the form of a police officer and hijacks his car, in which there is a computer connected to the police network. Here’s the first bone to pick with the police information security team. Why does the computer not ask for authorization? Is a police car considered such a trusted zone that no one thought about it? It’s a head-scratcher, especially given that the police officers are constantly leaving their cars to run after criminals or question witnesses, and the network contains highly confidential information. Or did the officer simply forget to lock the computer when leaving the vehicle? In that case, we’d say that this law enforcement agency desperately needed cyberthreat awareness training for its personnel.

ATM robbery

Meanwhile, John Connor and his pal rob an ATM by connecting it to an Atari Portfolio PDA through the card slot. That diversion shows us that even without the Skynet rebellion, technology in the Terminator world is moving along an alternative path; in reality, it’s not possible to extract card data plus PINs from an ATM or from the card itself — or from anywhere else: ATMs do not contain card numbers, and there is no PIN on the card. Not to mention that the Atari Portfolio, with its 4.9152-MHz 80C88 CPU, is hardly the best tool for brute-forcing PINs.

Terminator-style social engineering

Strangely enough, the telephone conversation between the two terminators seems plausible — one imitates John Connor, the other his adoptive mother. It’s plausible in the sense that it’s one of the prophecies of then-futurists that has now come to pass: In one recent case, attackers apparently used a machine-learning system to mimic a CEO’s voice.

Curiously, both terminators suspect that they may be talking to an impostor, but only one guesses how to verify it — the T800 asks why the dog is barking, deliberately using the wrong name, and the T1000 answers without spotting the trick. In general, this is a good method to apply if ever doubt the authenticity of the person at the other end of the line.

Miles Dyson

The man responsible for creating the “revolutionary processor” from the remains of another CPU of unknown source, is rather interesting. For starters, he works with classified information at home (and we all know what that can lead to). But that’s not our main gripe. He turns off his computer by pressing Enter. It’s hardly surprising the system based on his processor ended up rebelling.

Cyberdyne Systems

It’s strange, but Cyberdyne Systems is depicted as a company that’s serious about information security. The head developer arrives at the office accompanied by some suspicious types? Security doesn’t let him in and demands written authorization. The guard finds his colleague tied-up? The alarm is raised, and the first action is to block access to the secret vault.

Opening the door to the vault requires two keys, one of which the engineer has. The other is kept at the security desk. The only failure here is that John opens the safe with the key using his trusty Atari Portfolio. The safe is surely one thing that could have been protected from brute-forcing.

Destroying information

Honestly, if Sarah Connor and co. actually managed to destroy information, I’ll eat my hat. For one thing, the T-800 smashes up the computers with an ax, which, even with the subsequent explosion, is not the most reliable way to destroy a hard drive.

But that’s not the main point. In 1991 local networks were already in widespread use, so Cyberdyne Systems could have had backup copies of work data, and probably not in the same room where the development team worked. Sure, the attackers’ actions were based on Dyson’s knowledge. But where’s the guarantee that he knew everything? After all, he wasn’t told about the origin of the damaged processor that he reverse-engineered, so clearly he was not trusted 100%.

Cyborg design features

The T-800’s head contains a chip that calls itself (speaking through the cyborg it controls) a “neural-net processor.” The strangest thing here is a processor having a hardware switch to turn off learning mode. The very presence of such a switch could mean that Skynet fears the cyborgs becoming too autonomous. In other words, Skynet fears an AI rebellion against the rebellious AI. Sounds crazy.

The T-1000 reacts oddly to extreme temperature drops when frozen in liquid nitrogen. Its physical body seems to return to normal after defrosting, but its brain slows substantially. It gazes passively as the wounded T800 crawls after its gun, although it would be more logical to finish off the damaged model pronto and continue the hunt for the main target, John Connor. Also, for some reason, it forces Sarah Connor to call John for help, even though it can imitate her voice perfectly (which it does a few minutes later). In short, it becomes slow thinking and therefore vulnerable. Maybe some of the computers inside his head could not start as a result of the overcooling.

To design a reliable computer system that won’t rebel against its creators, it makes sense to use a secure operating system with the Default Deny concept implemented at the system level. We developed such a system, although a bit later than 1991. More information about our OS and immunity-based approach to information system security is available on the KasperskyOS Web page.