Solo: A cybersecurity story

“Solo: A Star Wars Story” from a cybersecurity point of view

Solo: A Star Wars Story gives us a look at the security of some unusual objects: border control at Corellia, the conveyex railway on the Vandor-1, and the privately owned Kessel ore-mining complex.

So far, LucasFilm has shown us only imperial military bases in its cinematic cybe-investigations. That’s an interesting take, but it’s rather monotonous. Solo: A Star Wars Story gives us a look at the security of some unusual objects: border control at Corellia, the conveyex railway on the Vandor-1, and the privately owned Kessel ore-mining complex. We cannot call events that occurred there purely cybersecurity incidents. So let us look at them in order of decreasing cybercomponent importance.

Kessel: Mining facility

Incident: Beckett’s gang penetrates the mining complex, where the Pyke Syndicate mines and stores raw coaxium hyperfuel. They seize the control center, break the droids’ restraining bolts (disrupting their normal operation), and, in the resulting riot, steal some coaxium.

Analysis: Droids operating in the control center are equipped with restraining bolts. From past cinema investigations, we know that such devices are used only if a droid was “pirated.” In fact, unlicensed, stolen machines work in the control center of the critical infrastructure facility. Their loyalty is achieved through hacker intervention in their motivation system.

I must say, this problem is relevant beyond the Star Wars universe. Last year, our KL ICS CERT published an analysis of threat landscape for industrial automation systems. One of their recommendations was to get rid of unlicensed, “cracked” software, which can contain  back doors or be infected with malware. In other words, it can be controlled by a third party. A droid being a typical cyberphysical device, it is no different in this case from the pirated software operating on an industrial facility.

However, that would not be a problem, if the director of the mine stopped bringing outsiders to his office in the facility’s control center, providing access to control over all systems, including security, in that part of the installation. As a result, attackers not only gained access to surveillance cameras and remote door control, but they also disabled the droids’ restraining bolts, which led to rebellion and general chaos.

Vandor-1: Conveyex railway

Incident: Two competing gangs traveling between two imperial facilities try to steal a container of hyperfuel. The Beckett gang has jammed the train’s transmissions, disconnected the cars behind the container with coaxium, blasted the bridge, and, having dropped the remains of the train into the chasm, is trying to steal fuel using a stolen imperial transport. A gang, led by Enfys Nest, is interfering in the operation, trying to intercept the container, which, as a result, falls and collapses.

Analysis: Coaxium is a very expensive and extremely explosive substance. Therefore, the Empire is quite serious about transport infrastructure safety: One of the train cars contains an armed guard; and on the road are towers with viper droids ready to intervene in case of an incident. In addition, additional sensors equipped with integrity control are posted along the railway. They use a wired communication channel to transmit signals. The destruction of one of these sensors triggers the security system and summons the droids.

Of course, it is possible to make a more sophisticated security system. However, in fact, there is only one mistake — the loss of communication with the connected train should already work as a trigger to activate the alarm and call security droids. Not that they were super-effective, but it is possible that if they acted simultaneously with the imperial troopers aboard the train, the crime could have been prevented.

Corellia: Border control

Incident: A pair of criminals tries to leave Corellia without any documents. On the way to the spaceport, they ram the barrier and destroy the droid at the guarded area checkpoint. Then they bribe the imperial officer and try to leave the control zone. The officer raises the alarm only after local gangsters grab one of the intruders.

Analysis: Generally speaking, this incident is related to physical security rather than informational. However, the identification chip is used as the main document in the port, and it is definitely a cybersecurity device. At the border point of the spaceport, there are strict rules — a person who does not have an identification chip cannot leave the control zone. By itself, Corellia is an industrial planet specializing in shipbuilding. On the port territory, you can see parts of the imperial warships. Despite this, two problems are visible to the naked eye:

  1. The imperial staff is corrupt. Any security system is unreliable if you can bribe the people responsible for its work. Moreover, this is not an isolated incident — Han and Ki’ra do not go to the officer who is known to be corrupt, but rather offer a bribe to the first person they encounter. So, it is not a secret; everyone knows that imperial officers can be bribed. In essence, this is precisely the reason for the fall of the Galactic Empire.
  2. The identification chip, which in theory is needed by every person who leaves the planet, is in fact not used for real passenger identification. An officer opens the door out of the control zone manually. But if the chips are used anyway, you can connect a device that can scan them to the system that opens the door. Such an option would allow controlling the number of persons passed through the door and log the scanned chips. Not a 100% guarantee, of course, but at least it would make life difficult for corrupt officials.

Also, the automated security system should have sounded the alarm at the time of barrier ramming, or at least when the security droid was destroyed.

 

All three incidents show that it is impossible to make a proper cybersecurity system when there are problems with physical security. Security services should be coordinated and act together; only then will it be possible to provide a reliable level of protection — especially if we are talking about protecting a critical infrastructure facility.

Tips