{"id":18420,"date":"2019-12-20T15:43:57","date_gmt":"2019-12-20T15:43:57","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/?p=18420"},"modified":"2019-12-20T15:43:57","modified_gmt":"2019-12-20T15:43:57","slug":"star-wars-rise-of-skywalker","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/star-wars-rise-of-skywalker\/18420\/","title":{"rendered":"The cybersecurity of Star Wars: The Rise of Skywalker"},"content":{"rendered":"<p>The long-awaited <em>Star Wars: The Rise of Skywalker<\/em> has finally hit the big screen. Not everyone has seen it yet, so we will not give away any spoilers or discuss the Death Star\u2013size holes in the plot, or even the film\u2019s artistic merits and demerits. We are interested in <em>Episode IX<\/em> solely from the standpoint of information security. So this post will cover cybersecurity-related moments in the movie, and see how well (or otherwise) the characters acted.<\/p>\n<h2>Data transfer from ship to ship<\/h2>\n<p>In the <em>Star Wars<\/em> universe, data transfer is a bit of a muddle. Some information can be transmitted quickly across vast distances, other types only on physical media. Regrettably, we do not have a clear understanding of how communication works in the galaxy, or how reliable the data transfer protocols are. But the Resistance infosec team probably does. And it is clearly not keen on wireless methods.<\/p>\n<p>When at one point Resistance pilots have to transmit secret data from one ship to another, they act as follows:<\/p>\n<ul>\n<li>The ships hover one above the other;<\/li>\n<li>The hatches open;<\/li>\n<li>A cable is passed through the hatches;<\/li>\n<li>R2D2 downloads information through the cable.<\/li>\n<\/ul>\n<p>In essence, it\u2019s a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Null_modem\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">null modem connection<\/a> from the 1980s. Convenient? Nope. Safe? Definitely. The chances of the transferred data being intercepted are minimal.<\/p>\n<p>10 points to the Resistance for cyberawareness!<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"ndPaG7qrhJ\"><p><a href=\"https:\/\/www.kaspersky.com\/blog\/star-wars-cybersecurity-problems\/6392\/\" target=\"_blank\" rel=\"noopener nofollow\">Star Wars: the Empire state of cybersecurity problems<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cStar Wars: the Empire state of cybersecurity problems\u201d \u2014 Daily - English - Global - blog.kaspersky.com\" src=\"https:\/\/www.kaspersky.com\/blog\/star-wars-cybersecurity-problems\/6392\/embed\/#?secret=TG8OydJhzI#?secret=ndPaG7qrhJ\" data-secret=\"ndPaG7qrhJ\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<h2>Droid memory<\/h2>\n<p><em>Star Wars: The Rise of Skywalker<\/em> goes into a bit more detail than the other episodes when it comes to showing how droids access information (at least for C3PO). It goes like this: C3PO sees a blade with inscriptions in the ancient language of the Sith. Being a professional translator, the droid decrypts the inscriptions \u2014 but cannot share the results. The operating system hinders that action \u2014 specifically, a pre-Imperial directive in the OS prohibits the Sith language.<\/p>\n<p>To gain access to the information, the operating system must be disabled. The problem is that disabling the OS returns the system to its default settings \u2014 that is, the droid loses all the information accumulated over its long existence. Basically, its \u201cpersonality\u201d is wiped. The hacker connects a third-party system with no restrictions on the Sith language and easily translates the prohibited data records. C3PO then reboots, but with no knowledge of the uprising or the Empire. The droid does not even recognize its comrades.<\/p>\n<p>I must say, the data protection method chosen by the OS creators is far from ideal (yes, I know that Anakin Skywalker assembled the droid, but the OS was clearly off-the-shelf). In modern systems, the strong encryption used in such cases prevents access to data when booting from an external OS (for example, from a USB flash drive). In other words, the creators of this system used too light an encryption algorithm, or none at all.<\/p>\n<p>That would seem to be an obvious problem in terms of cybersecurity. Not this time. The system was written by no one knows who, and in the days of the Republic at that. But before the flight, R2D2 had the gumption to make a backup copy of all of C3PO\u2019s memory \u2014 identity included \u2014 and without the latter\u2019s knowledge. The way we see it, you can never have too many backups. So, 10 more points to the Resistance.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"mr9bZbtFVi\"><p><a href=\"https:\/\/www.kaspersky.com\/blog\/solo-starwars-cybersecurity\/26860\/\" target=\"_blank\" rel=\"noopener nofollow\">Solo: A cybersecurity story<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cSolo: A cybersecurity story\u201d \u2014 Daily - English - Global - blog.kaspersky.com\" src=\"https:\/\/www.kaspersky.com\/blog\/solo-starwars-cybersecurity\/26860\/embed\/#?secret=OamUNnVjrq#?secret=mr9bZbtFVi\" data-secret=\"mr9bZbtFVi\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<h2>First Order universal pass<\/h2>\n<p>So as not to spoil <em>The Rise of Skywalker<\/em>, let\u2019s just say that at some point, the protagonists are presented with a device that basically turns out to be a universal authenticator for First Order ship captains. Armed with such a device, your ship will automatically be identified by First Order forces as one of their own.<\/p>\n<p>The heroes use it to land some kind of rust bucket aboard Kylo Ren\u2019s flagship. But why was such a security-lax device made in the first place? Why did its creators not foresee the possibility of it being lost or stolen? Why didn\u2019t they implement two-factor authentication?<\/p>\n<p>That\u2019s 10 points from the Imperial Remnant.<\/p>\n<p><em>The Rise of Skywalker<\/em> also contends with the murky business of Sith artifacts and charades that enable the location of an uncharted planet. But we shall not consider this; it\u2019s way beyond the realm of modern information security.<\/p>\n<p>So, to sum up, it seems that the good guys scored 20 points, while the bad guys are left trailing with minus 10. It\u2019s no wonder evil never triumphs in Hollywood.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>A report on attitudes to information security a long time ago in a galaxy far, far away, as exemplified in Star Wars: Episode IX.<\/p>\n","protected":false},"author":700,"featured_media":18421,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1836,2361],"tags":[2231,2232,421],"class_list":{"0":"post-18420","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-death-star","10":"tag-mtfbwy","11":"tag-star-wars"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/star-wars-rise-of-skywalker\/18420\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/star-wars-rise-of-skywalker\/18355\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/star-wars-rise-of-skywalker\/15232\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/star-wars-rise-of-skywalker\/20062\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/star-wars-rise-of-skywalker\/16820\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/star-wars-rise-of-skywalker\/20811\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/star-wars-rise-of-skywalker\/19587\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/star-wars-rise-of-skywalker\/25944\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/star-wars-rise-of-skywalker\/7515\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/star-wars-rise-of-skywalker\/31916\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/star-wars-rise-of-skywalker\/13844\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/star-wars-rise-of-skywalker\/12617\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/star-wars-rise-of-skywalker\/21821\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/star-wars-rise-of-skywalker\/10588\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/star-wars-rise-of-skywalker\/26472\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/star-wars-rise-of-skywalker\/24762\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/star-wars-rise-of-skywalker\/20775\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/star-wars-rise-of-skywalker\/25643\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/star-wars-rise-of-skywalker\/25474\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/star-wars\/","name":"star wars"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/18420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=18420"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/18420\/revisions"}],"predecessor-version":[{"id":18422,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/18420\/revisions\/18422"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/18421"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=18420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=18420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=18420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}