The Matrix trilogy (The Matrix, The Matrix Reloaded, The Matrix Revolutions) told of the successful implementation of the metaverse before the idea went mainstream. The creator of this virtual world (or, rather, neural-interactive simulation), we learn, was an artificial intelligence that once defeated and enslaved humanity. The process was not without bugs, which brings us to today\u2019s topic.<\/p>\n
For starters, between the limited data human characters have and the constant misinformation from the AI, viewers never know precisely what\u2019s true, or how realistic their view of the world is at any given moment.<\/p>\n
But we are not interested in philosophical subtext here; our focus is on information security, so we will rely on what are considered the established facts at the end of the third movie. Spoiler alert for anyone who hasn\u2019t watched the whole trilogy but intends to.<\/p>\n
At the trilogy\u2019s finale, it becomes clear that the struggle with rebels infiltrating the Matrix is all staged. For the latest cycle of rebellion to succeed, the Matrix needs a certain number of external enemies, so we don\u2019t know for sure whether the agents are really trying to catch Morpheus and his team, or if they\u2019re just simulating a frenzy of activity. From a cybersecurity perspective, it\u2019s not clear whether we\u2019re seeing bugs or features \u2014 a design flaw or something deliberately introduced into the Matrix (perhaps as a sort of honeypot<\/a>).<\/p>\n The Matrix\u2019s population consists of avatars of enslaved humans who are wired to the system, and of programs that originally existed in the form of code. Why remote broadcasting of signals from outside the system was initially implemented, allowing third-party avatars to be uploaded, remains unclear.<\/p>\n Such anomalies are usually a result of some sort of debug access that someone forgot to close, but in this case the developers were not human, so that explanation doesn\u2019t fit. Anyway, even if they implemented remote connection on purpose \u2014 if it was a feature, not a bug \u2014 why didn\u2019t the auto-programmers implement a firewall to block any pirate signals?<\/p>\n Inside the Matrix, pirate avatars can appear and disappear only through phone cables (although how mobile and landline phones differ inside a virtual reality framework is not explained). Moreover, Matrix agents are, in principle, able to deactivate the line \u2014 at least, they cut it when Morpheus was captured. But if it is so critical for Matrix infiltration and exfiltration, why don\u2019t the agents ban it, or at least disable it throughout the operation zone?<\/p>\n Despite the objective need for such information, the Matrix lacks precise location data for each specific object inside virtual reality. We can assume that pirate avatars are able to hide their location in virtual space, but to stay on the tail of the still-connected Neo in the system, agents needed an additional tracking device. There\u2019s obviously a fault in the addressing system.<\/p>\n That raises questions about Morpheus\u2019 notorious red pill. In his words, it is a tracking program \u201cdesigned to disrupt your input\/output carrier signals, so we can pinpoint your location.\u201d Why isn\u2019t the Matrix monitoring for such anomalies? Being able to intercept the \u201crescue team\u201d seems pretty important.<\/p>\n Matrix agents are AIs that can temporarily replace the avatar of any human connected to the system. They can violate the conventional laws of physics, but only up to a point. The twins from the second part of the trilogy are far less impeded by physics, so why can\u2019t such conditional constraints be lifted, at least temporarily, during the operation to capture perpetrators? The whole point of the machines\u2019 hunt for Morpheus in the first movie was to gain the access codes to the Zion mainframe, which every captain knows. That raises a host of questions about why the person with the access codes to the rebels\u2019 critical infrastructure would also be the one who goes into the Matrix.<\/p>\n That point is especially strange if one recalls that there are people on board without any interface for connecting to the Matrix. Entrusting valuable information to them would obviously be far safer. It\u2019s a misstep by the liberated humans, plain and simple: equivalent in today\u2019s real world to attaching a sticky note with passwords to your monitor and then giving a TV interview with it in the background.<\/p>\n For some reason, the Matrix is unable to effectively get rid of programs that are no longer required. Lurking deep inside are various smart apps from old versions of the Matrix: information smugglers, semiphysical militants, a program called Seraph that defines its function as \u201cI protect that which matters most\u201d (a predictable slogan for any information security company).<\/p>\n According to the Oracle, they should all have been removed, but instead they chose to disconnect from the system and live autonomously inside the virtual reality. The existence of uncontrolled obsolete software is a clear vulnerability, just as it is in real life. They literally<\/em> help hackers attack the Matrix!<\/p>\n Some programs exist exclusively in the \u201cworld of machines\u201d yet can be smuggled in to the virtual world of the Matrix, which human avatars can inhabit. The ability to bring in such programs highlights some serious system segmentation issues. In particular, a direct communication channel should not exist between two segments designed to be isolated.<\/p>\n Among the exiles is the Keymaker program, which creates keys for backdoors. We don\u2019t know to what extent the Keymaker actually is an exile \u2014 perhaps he, like the Oracle, is part of the system to control the rebels through the Chosen One. Not only does the Keymaker cut access keys using a file and a lathe, but it also informs hackers of the existence of a whole corridor of backdoors granting access to different parts of the Matrix, from the Core Network to the Source, the heart of the system. Both the Keymaker and the corridor pose a fundamental security threat to the entire system, especially considering how it\u2019s protected against outsiders.<\/p>\n The main problem with the corridor\u2019s security is that for some reason it exists according to the notional laws of the virtual world, depending on emulated power plants (that do not actually produce power) and computers at these virtual stations. And these laws in the Matrix, as we know, are notoriously easy to break. Even putting an agent in the corridor would be more effective \u2014 so why didn\u2019t they? No money to pay its salary?<\/p>\n Matrix agents originally had a feature that let them replace the avatar code of any hardwired human. However, agents have always existed as individual copies. At the end of the first movie, Neo, having acquired anomalous abilities, infiltrates Agent Smith and tries to destroy him from the inside, with some part of the code of Neo\u2019s avatar being transferred into the agent\u2019s code. After that, Smith goes haywire and gains the ability to bypass artificial constraints, both the laws of the physical world and the ban on existing in one copy. In other words, he becomes a full-fledged virus.<\/p>\n By all appearances, Smith is the first virus in the Matrix; otherwise, there is no explanation for why the system has no antivirus solution for tracking software anomalies, isolating and removing dangerous applications that threaten the security of the system. Considering that most of the people freed from the Matrix are hackers, we find that very odd. <\/p>\n Be that as it may, the existence of Smith, now able to copy his code into any avatar or program, serves as an argument in Neo\u2019s negotiations with the AI. In the end, Neo physically connects to the Matrix, allows Smith to \u201cinfect\u201d his avatar, connects to the Smith-net, and destroys all of the Smiths.<\/p>\n As a result, the machines agree to a truce, to stop exterminating humans, and even to release those who don\u2019t want to live in the Matrix. But they could have just built a secure operating system<\/a> from the start, or at least used a reliable security solution<\/a> in combination with an EDR system<\/a> capable of tracking network anomalies!<\/p>\n\n","protected":false},"excerpt":{"rendered":" Even to the naked eye, the Matrix\u2019s flawed implementation threatens the system\u2019s stability and security.<\/p>\n","protected":false},"author":700,"featured_media":19257,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[2368,2534,2047,268],"class_list":{"0":"post-19256","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-movies","10":"tag-the-matrix","11":"tag-truth","12":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/matrix-vulnerabilities\/19256\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/matrix-vulnerabilities\/23757\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/matrix-vulnerabilities\/9646\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/matrix-vulnerabilities\/25975\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/matrix-vulnerabilities\/23952\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/matrix-vulnerabilities\/23618\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/matrix-vulnerabilities\/26590\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/matrix-vulnerabilities\/26196\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/matrix-vulnerabilities\/32104\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/matrix-vulnerabilities\/10381\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/matrix-vulnerabilities\/43168\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/matrix-vulnerabilities\/18289\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/matrix-vulnerabilities\/18686\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/matrix-vulnerabilities\/15624\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/matrix-vulnerabilities\/27876\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/matrix-vulnerabilities\/32231\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/matrix-vulnerabilities\/27944\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/matrix-vulnerabilities\/24695\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/matrix-vulnerabilities\/30117\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/matrix-vulnerabilities\/29908\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/truth\/","name":"truth"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19256"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19256\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19257"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Pirate signal from Resistance ships<\/h3>\n
Uncontrolled avatar transmission system<\/h3>\n
Incomplete addressing system<\/h3>\n
Artificial constraints on Matrix Agents<\/h3>\n
\nAdding to the mounting errors in their code, for some reason agents have the ability to disconnect from the Matrix information system simply by removing their earpieces, a clear vulnerability if ever there was one.<\/p>\nZion mainframe codes<\/h3>\n
Rogue software<\/h2>\n
Software smuggling<\/h3>\n
Backdoor corridor<\/h2>\n
Clones of Agent Smith<\/h2>\n