{"id":27323,"date":"2020-05-04T03:00:29","date_gmt":"2020-05-04T07:00:29","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/star-wars-mandalorian-cybersecurity\/27323\/"},"modified":"2020-05-04T11:01:40","modified_gmt":"2020-05-04T09:01:40","slug":"star-wars-mandalorian-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/star-wars-mandalorian-cybersecurity\/27323\/","title":{"rendered":"The Mandalorian in terms of information security"},"content":{"rendered":"<p>The Empire is defeated (not quite). Power lies in the hands of the New Republic (also not quite). As a result, the galaxy has finally come to resemble a cyberpunk, gun-slinging Western. Here\u2019s how things stand with information security in these troubled times.<\/p>\n<h2>Privacy<\/h2>\n<p>First, a few words about privacy. Actually, just three: There ain\u2019t any. Bounty hunters are now given a device known as a tracking fob to hunt down their quarries. Although it doesn\u2019t seem to work in outer space, on a planet it clearly shows the direction to the target. The technology behind this device is unknown.<\/p>\n<p>Is a beacon implanted in the target? That explanation seems reasonable when escaped criminals are being tracked. But the bounty hunters\u2019 guild doesn\u2019t limit itself to <em>known<\/em> criminals. Also, who could have implanted a beacon in a baby of Yoda\u2019s race, and when? And why did no one come up with the idea to remove or at least jam the beacons? And if it\u2019s not a beacon, how does the tracking device home in on the target? Using some kind of biological signature? 
Whatever the case, if someone can create a fob to track any living creature, there can be no talk of any privacy.<\/p>\n<p>In case you still have any doubts that privacy is dead, consider the optical sight on the Mandalorian\u2019s rifle, which enables him to see infrared radiation through walls and even eavesdrop on conversations occurring in people\u2019s homes (albeit with interference).<\/p>\n<h2>Razor Crest<\/h2>\n<p>Din Djarin, simply referred to as the Mandalorian most of the time, travels on a fairly old Imperial patrol gunship called the <em>Razor Crest<\/em>. Some of the security problems aboard the ship are visible even to the naked eye.<\/p>\n<p>First, the gun cabinet uses an electronic lock, but any passerby can open it. On at least two occasions, characters you wouldn\u2019t associate with hotshot hacking or cracking skills opened it simply by poking a few buttons. It looks as though they used the \u201cold intercom\u201d method of identifying which buttons are visibly worn to help them brute-force the password. That also means the password was weak and probably hadn\u2019t been changed for years.<\/p>\n<p>Not only that, the on-board computer stores records of holographic messages, and without any special protection to speak of. The droid Zero stumbles upon one of them during a cursory analysis of the ship\u2019s systems, and accesses it without any apparent hacking efforts.<\/p>\n<p>Naturally, both the gun cabinet and the communications system are on board. Their low level of protection might have been offset by the super-security of the ship itself. But no, the Mandalorian is forever leaving the ship unlocked and returning to find an ambush inside. In other words, in theory anyone can access the weapons and data logs.<\/p>\n<h2>IG-11<\/h2>\n<p>The assassin droid IG-11, which also works as a bounty hunter, is equipped with an interesting protection technology \u2014 a self-destruct mechanism. 
When faced with danger, it declares: \u201cManufacturer\u2019s protocol dictates I cannot be captured. I must self-destruct,\u201d after which a countdown begins.<\/p>\n<p>Seems like a great feature, but it doesn\u2019t work. If the manufacturer considered it necessary, it would have been more logical to separate it from the operating system. After all, to capture the droid, all you have to do is damage its electronic brain (which is basically what happens: The Mandalorian shoots IG-11 in the head and it simply shuts down, after which Kuiil reprograms it). That is, the self-destruct mechanism was a good idea, but its implementation was downright poor.<\/p>\n<p>A separate question is how just anyone can be allowed to reprogram the droid. But IG-11 is not unique in this regard. We already <a href=\"https:\/\/www.kaspersky.com\/blog\/rogue-one-analysis\/22273\/\" target=\"_blank\" rel=\"noopener nofollow\">determined that Star Wars droids<\/a>, like other IoT devices, should be fitted with a <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-secure-os\/20312\/\" target=\"_blank\" rel=\"noopener nofollow\">secure operating system<\/a> that cannot be modified in any way except by those designated by the developers.<\/p>\n<h2>The New Republic\u2019s prison ship<\/h2>\n<p>In one episode, Din Djarin signs up to rescue a prisoner who is being transported aboard a prison ship. The plan is this: The <em>Razor Crest<\/em> performs a series of maneuvers to approach the vessel, jams some kind of warning code, masks its signal, and then docks, whereupon the team disembarks, locates the control room, finds out the cell number, breaks in, and frees the target.<\/p>\n<p>Let\u2019s suppose that some unique design features enable the Mandalorian\u2019s old ship to sneak up on the rebel ship undetected. Let\u2019s suppose that Zero knows how to jam and mask the signal so that the prison ship\u2019s systems do not detect the docking of a foreign object. 
Let\u2019s suppose that he really is able to penetrate the security system (although the very idea of externally connecting to it seems insane). And let\u2019s suppose that, as a result, the security system does not raise the alarm when the external hatch is breached, and that when the alarm <em>is<\/em> finally raised because of a skirmish with security droids, Zero can direct the reinforcements to another part of the ship.<\/p>\n<p>Assuming all that, why on Earth (or whatever nearby planet) is there a lock in the prison cell that can be opened from the inside? And why is it possible to do that using a security droid\u2019s arm, without any electronic systems at all? And, above all, why does Din Djarin describe this flying madhouse as \u201cmax security transport\u201d?! Heaven only knows what a low-security transport would be like.<\/p>\n<p>This episode also features a rather dubious security device in the form of a homing beacon, which summons a patrol unit of Republic starfighters. Okay, so that\u2019ll get them there. Then what? The enemy is on board; are the Republic fighters going to blow up the ship along with all the prisoners? Or will three pilots dock and take the fight inside? At least the device seems to be working.<\/p>\n<p>Other minor details in the series are also a disaster from an information security perspective. For example, in the final episode, the Mandalorian (supposedly an experienced warrior and bounty hunter) communicates with Kuiil over an open channel; the stormtroopers listen in and then seize Kuiil. 
And don\u2019t forget that <em>Star Wars<\/em> classic: electronic locks that open when fired at.<\/p>\n<p>In short, a long time ago in a galaxy far, far away, cybersecurity was very, very bad.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A long time ago in a galaxy far, far away, a lone Mandalorian warrior suffered from cybersecurity issues, both other people\u2019s fault and his own.<\/p>\n","protected":false},"author":700,"featured_media":27324,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3020,3021],"tags":[2895,2484,3116],"class_list":{"0":"post-27323","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-mtfbwy","11":"tag-star-wars","12":"tag-truth"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/star-wars-mandalorian-cybersecurity\/27323\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/star-wars-mandalorian-cybersecurity\/21144\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/star-wars-mandalorian-cybersecurity\/16649\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/star-wars-mandalorian-cybersecurity\/8221\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/star-wars-mandalorian-cybersecurity\/22172\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/star-wars-mandalorian-cybersecurity\/19896\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/star-wars-mandalorian-cybersecurity\/18595\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/star-wars-mandalorian-cybersecurity\/22610\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/star-wars-mandalorian-cybersecurity\/21513\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/star-wars-mandalorian-cybersecurity\/28300\
/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/star-wars-mandalorian-cybersecurity\/8201\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/star-wars-mandalorian-cybersecurity\/35263\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/star-wars-mandalorian-cybersecurity\/14770\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/star-wars-mandalorian-cybersecurity\/15122\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/star-wars-mandalorian-cybersecurity\/13458\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/star-wars-mandalorian-cybersecurity\/23906\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/star-wars-mandalorian-cybersecurity\/25370\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/star-wars-mandalorian-cybersecurity\/27488\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/mtfbwy\/","name":"MTFBWY"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/27323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=27323"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/27323\/revisions"}],"predecessor-version":[{"id":27325,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/27323\/revisions\/27325"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/27324"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=27323"}],"wp:term":[{"taxonomy":"category
","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=27323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=27323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}