Cybersecurity in season 3 of The Mandalorian

Season 3 of The Mandalorian TV series gave us a look at the state of information security in the Star Wars universe nine years after the Battle of Yavin. And the more I watch this show, the more I get the impression that all the infosec problems of the galaxy far, far away have two roots — negligence and droids. Before you continue reading, please be warned that there may be spoilers in the text.

The whole situation with droids in the Star Wars universe brings forth a certain… ethical-moral issue. The thing is, they’re sentient (they think, feel. and have emotions), while at the same time they’re owned by someone (or something). And even the “good” characters don’t regard this as much of a problem. Meanwhile, droids can have motives of their own, which don’t necessarily coincide with the whims and wishes of their owners.

Of the new things we learned from this season of The Mandalorian, we now know how droids get their software updates. It turns out, they visit bars to get updated… through booze! (I guess that makes a good excuse when asked “why are you drunk again?”: “Just updating, darling!”) The bars serve the drink Nepenthe, which is a lubricant for protection against mechanical wear-and-tear mixed with subparticles delivering programming updates and new commands from the mainframe. Truth be told, this doesn’t seem very safe: droids operate in almost every corner of the galaxy, while it’s the first time ever we see a bar for them. Still, at least now we know they can get any updates at all!

Assassin droid IG-11

Toward the end of Season 1, the rehabilitated assassin droid IG-11 — while surrounded by the Imperials — declared that, according to his manufacturer’s protocols, he should never be captured by the enemy, and so activated self-destruction. In theory, this is a good idea: it was designed not only to protect the information in the droid’s memory, but also to prevent turning the droid against the original owner.

However, there’s one problem: poor implementation of this self-destruct mechanism. In the third season, the lead character decides to reactivate his fallen comrade-in-arms. And it comes to light that this is quite doable! Moreover, even though the machine has lost plenty of its marbles, some scraps of information are still there — for example, it can still quote subparagraph 16 of the Bondsman Guild protocol. This vividly demonstrates how the self-destruct mechanism is not to be trusted with emergency data destruction: it’s not so reliable.

Astromech droid R5-D4

R5-D4 is a distinguished droid. He’s one of the first defective droids we see in the Star Wars universe ever. R5 is there from the very first (fourth) episode of Star Wars, when he was passed over for purchase by Luke Skywalker from Jawas due to a motivator malfunction. In the third season of The Mandalorian, the droid is foisted upon the series’ namesake as a co-pilot and to explore the planet of Mandalore — mostly destroyed by war. However, it turns out that R5 doesn’t show a great deal of respect for ownership rights, and stays true to his former masters — ex-rebels, now New Republic pilots.

We never find out whether this is due to astromech’s default functionality or a repercussion of software modification carried out by the rebels, but R5-D4 is able to access information networks and gain control of Imperial security systems. But that’s not what should concern: after all he does this in his owner’s interests. What’s more troubling is that one fine day he leaks the Mandalorians’ covert coordinates to his former war buddy. Furthermore, when Captain Teva decides to seek out the Mandalorians’ hiding place, he hardly goes and talks to all the droids he knows. Which means R5 keeps reporting his whereabouts to his Rebel friends and spies on his owners.

Reprogrammed droids from Plazir-15

The planet Plazir-15 is a world where people don’t work — all their labor-consuming jobs are done by reprogrammed Imperial and separatist droids. Let’s leave aside the question of why other worlds don’t live the same way, while the New Republic persists in scrapping Imperial equipment. Most of the time repurposed droids are grateful for a second chance, because otherwise they’d be disassembled. And yet the planet constantly faces droid-related incidents — from minor sabotage to direct assaults on humans.

The lead character undertakes an incident-response-team role to investigate the recent series of incidents, and discovers that the droids’ software has been tampered with. And the tampering was accomplished by poisoning the above-mentioned update delivery mechanism: in one of the batches of Nepenthe, subparticles were replaced with nano-droids that reprogram the drinkers to force them to inflict harm upon humans and their property. Yet another reason to doubt the reliability of this firmware update mechanism.

However, it’s not at all difficult to find the culprit. Commissioner Helgait, head of security in charge of the local SOC, is also a hacktivist. But this (so-called) colleague of ours went and left a financial trail by ordering nano-droids from the local information-security office under his own name (despite being head of security!). As least he was smart enough to create a mechanism to roll reprogrammed battle droids back to a separatist firmware version; only problem — he failed to actually use the mechanism for lack of time.

Cybersecurity status of the main factions

All in all, there’s one word to describe the developments in the information security policies of both the New Republic and the Imperial remnants, and the word is degradation.

New Republic

The New Republic is actively trying to integrate former Imperial servants into society. No doubt, it was a commendable initiative. However, it’s not the most prudent decision of all to give folks who’d fought on the enemy side less than a year ago access to any secret information. But this bothers no one: Moff Gideon’s (bad guy) former communications officer (bad guy) can be seen walking up and down the office of Colonel Tuttle (good guy) — in charge of distributing military aid to the Republican worlds. Meanwhile a former Imperial scientist is taking stock of discarded Imperial assets.

The situation is bad from any angle:

• There’s an Imperial probe droid hovering in the middle of the Coruscant (the Republic’s capital), which maintains direct interplanetary video communication between the Imperials and their spies.
• Within the limits of the city (yeah, the whole planet is actually within the limits of the city, but still) there sits, quite unguarded, an Imperial capital ship — anyone can walk right in and borrow some tools that aren’t quite legal.
• The “mental rehabilitation” procedure for victims of Imperial propaganda isn’t secured at all: Republic officers leave a perfect stranger at the Six-O-Two Mitigator’s control panel, even though manipulations with it can harm the patient or compromise the procedure.

Imperial remnants

The last two episodes present us with an opportunity to look at an Imperial base in the ruins of Mandalore. And it looks like the base was designed by someone with a very strange outlook on security. The base has a full-fledged information security and communications center, from which local specialists can track the movements of outsiders on the base map and connect to Imperial commanders stationed on other bases. As you would expect, the important information systems have strong physical security measures: to reach the center one has to pass a corridor with multiple force fields with Imperial stormtroopers posted in-between. But, believe it or not, the center has another door, which leads to a hangar with access to the surface of the planet! And that door isn’t guarded at all! Which kind of casts doubts as to the reliability of the overall access security system.

Other than that, there are the standard Imperial key system security screw-ups:

• The control panel that controls cloning facility can be accessed without any authentication whatsoever — sabotage it all you can.
• Scattered all over the base are ports for external droid interfaces, through which a totally unauthenticated droid can not only deactivate the force fields blocking the corridor, but also put out of action the fields’ regular controls. Come on, Imperials, didn’t you have the Death Star hacked the same way less than 10 years ago? Wasn’t there enough time to devise some countermeasures and add some security updates?

Ship control interception mechanism

There was one more incident on Plazir-15 — not very prominent but quite an alarming one. The local traffic control center somehow managed to take control over a Mandalorian spaceship during its landing approach. A rational arrangement in theory: it’s better to have the landing controlled by someone with local landscape knowledge. But on a practical level, the very existence of such a technology on a combat ship is a threat. One day it’s going to be exploited in a combat situation to crash the starfighter on the surface of the planet or into another spaceship.

How to avoid a fair share of these problems

The trouble with droids and spaceships could have been avoided if their information systems were based on a cyber-immune operating system. That would make droids, despite their wishes to the contrary or external commands, unable to perform any actions unless specifically sanctioned by the owner’s programming. Other than that, officers of the Empire and the Republic alike would be far better off with regular modern cybersecurity awareness training.