Information Security Risks – A Star Wars Story (SPOILERS)

WARNING! This blog contains spoilers for the movie Star Wars: Rogue One. Do not read any further if you have not yet watched the movie and don’t want it ruined for you.

 

Last chance to stop reading.

 

Okay…

 

Tom Bard – Information Security Engineer

 

The Reprogrammed Droid…

 

I have a number of issues with this reprogrammed droid K2. First, the reprogramming has obviously left issues with the droid’s code as a whole. This was even stated in the movie. These bugs would cause more issues than just a weird temper. There would be issues with how it is able to communicate with networks as a whole. On that, a civilization with technology this advanced would have wireless technology embedded in all of these droids, and one would think some sort of location and anti-theft technology. These two features would make it difficult, if not impossible, to steal one of these droids and still have it be able to operate somewhat normally. Think of an Android phone or an iPhone: when these are rooted or jailbroken they lose the ability to receive updates, and support for legitimate applications drops off. Also, how would you feel if you let hacked devices onto your network?

 

The Patrol…

 

This is more an issue of force protection and/or information assurance than anything. When the Empire troops were transporting the kyber crystals through Jedha there was no preceding patrol clearing ahead of the cargo. BIG no-no here. You need to sweep ahead of your cargo with a patrol that is picking out suspicious individuals and taking the overwatch positions that were exploited by the extremists. Not pertinent to cyber security, but still very pertinent to information assurance as a whole.

 

The Authorization Code…

 

When the newly formed Rogue One unit takes the stolen Imperial ship to Scarif they use the ship’s authorization code to get through the security checkpoint (shield gate) to reach the surface of the planet. This ship should have been known to be stolen, or at least destroyed. So how does their ship so easily pass through this high security area? There were no revocation checks in place, similar to certificate revocation, that could have validated the authorization code. If there were revocation checks, there is a whole other issue here: complacent and/or lazy guards that saw the check fail but blew it off as an error. Then again, Jyn was marveling at the kyber crystal that she was wearing around her neck, so I guess we can chalk it up to The Force influencing the guard to ignore the invalid code.
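The revocation check described above, sketched in Python as an added example that is not part of the original post; the key, ship IDs, timestamps and function names are all constructed for illustration. It shows a genuinely issued code from a stolen ship passing when no revocation data is consulted, and a stale revocation list being denied rather than waved through as an error.

```python
import hashlib
import hmac

# Constructed sample data: key, ship IDs and timestamps are hypothetical.
GATE_KEY = b"constructed-demo-key"
MAX_CRL_AGE = 3600  # seconds a revocation list may be trusted

def issue_code(ship_id: str, expires: int) -> str:
    """Issue a clearance code: ship id, expiry and an HMAC over both."""
    payload = f"{ship_id}|{expires}"
    tag = hmac.new(GATE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"

def check_code(code: str, now: int, revoked: set, crl_time: int) -> str:
    """Return 'allow' or a 'deny: ...' reason. Every failure path denies."""
    try:
        ship_id, expires, tag = code.split("|")
        expires_at = int(expires)
    except ValueError:
        return "deny: malformed"
    expected = hmac.new(GATE_KEY, f"{ship_id}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "deny: bad signature"
    if now >= expires_at:
        return "deny: expired"
    # Fail closed: a stale revocation list counts as a failed check.
    if now - crl_time > MAX_CRL_AGE:
        return "deny: revocation data stale"
    if ship_id in revoked:
        return "deny: revoked"
    return "allow"

def demo() -> dict:
    now = 1_000_000
    stolen = issue_code("cargo-shuttle-A", now + 86_400)  # genuine code, stolen ship
    honest = issue_code("cargo-shuttle-B", now + 86_400)
    revoked = {"cargo-shuttle-A"}  # reported stolen
    return {
        "no_revocation_check": check_code(stolen, now, set(), now),
        "revoked": check_code(stolen, now, revoked, now),
        "stale_list": check_code(honest, now, revoked, now - 7200),
        "honest": check_code(honest, now, revoked, now),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```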

 

The Ship Inspection…

 

Four “men” enter, two “men” (and a droid) leave. I think this would be a little suspicious to an alert Storm Trooper. What happened to the other Storm Troopers that entered the ship? Why does that officer look completely different than when he boarded? Why does he have so much stubble? Also, why is there a physical manifest? That should have been sent before the ship’s landing pad was ever designated so that the proper landing pad could be assigned based on the cargo. If you had a highly secure facility that contains all of your trade secrets and plans for galactic domination, wouldn’t you be a little bit more attentive to who is entering and what they have before you ever let them through the gate? I would hope so. You would think that, given the technology they had, everything on that ship could have been designated and accounted for remotely. I’m sure that any postal carrier can do that right now, and we don’t have light sabers yet.

 

The Easily Accessed Data Vault…

 

Let’s just walk up to this lone guard in an unmonitored room that is adjacent to the vault that holds the plans to devious war machines and classified structures. What, no cameras, droids, dead man alarms, nothing to alert a QRF (quick reaction force) that something is wrong here? It’s not like you are under attack already; let’s leave our crown jewels unguarded so that we can handle other issues. Bad choice. In a situation like this you would at least want a mantrap between the entrance of the guard station and the entrance of the room. Again, one guard! At least two guards always need to be on station for data that is this sensitive.

 

Let’s make another pass at the reprogrammed droid here. How is a reprogrammed droid able to get such easy access to your security controls? We have NAC (network access control) that keeps unwanted devices from connecting to our networks right now. You would think that they would at least be able to identify an unauthorized droid on their network. Then again, K-2SO did hack another droid on their way in. K-2 could have been using that droid’s identity to move laterally through the environment.

 

No Encryption…

 

This has bugged me about Star Wars for a long time now. You have these top secret, Skunk Works style plans for a weapon of mass destruction and you don’t encrypt anything. I am at a loss for words for how poorly executed this data storage strategy is. Since when do we just store things in the clear that are this important to us? Not only that, but “We are receiving a transmission from the surface of Scarif.” Did they actually just intercept the transmission with no effort whatsoever? Come on, even people that have no idea what information security is still use WEP (wired equivalent privacy), at least, for their home WLAN (wireless local area network). Even though it’s weak and hackable in 20 minutes or less, it is still something. In the Marine Corps we have communications individuals that took care of our radios. They also took care of the crypto for the radios, and this changed before each mission, and sometimes during a mission. What is stopping the Empire from having the same ability that we have had since World War 2? Or did they just give up on encryption because it is able to be reversed so fast due to their advanced technology? I’m going to go with the latter here as I don’t want to ruin my faith in the series.

 

I hope that you enjoyed reading this.  If anything I hope that this helps spur more conversations about Information Security issues in Star Wars: Rogue One.