{"id":21027,"date":"2023-05-04T03:17:26","date_gmt":"2023-05-04T07:17:26","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/mandalorian-season-3-cybersecurity\/21027\/"},"modified":"2023-05-04T13:24:28","modified_gmt":"2023-05-04T09:24:28","slug":"mandalorian-season-3-cybersecurity","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/mandalorian-season-3-cybersecurity\/21027\/","title":{"rendered":"Cybersecurity in season 3 of The Mandalorian"},"content":{"rendered":"<p>Season 3 of The Mandalorian TV series gave us a look at the state of information security in the Star Wars universe nine years after the Battle of Yavin. And the more I watch this show, the more I get the impression that all the infosec problems of the galaxy far, far away have two roots\u00a0\u2014 negligence and droids. Before you continue reading, please be warned that there may be spoilers in the text.<\/p>\n<p>The whole situation with droids in the Star Wars universe brings forth a certain\u2026 ethical-moral issue. The thing is, they\u2019re sentient (they think, feel, and have emotions), while at the same time they\u2019re owned by someone (or some<em>thing<\/em>). And even the \u201cgood\u201d characters don\u2019t regard this as much of a problem. Meanwhile, droids can have motives of their own, which don\u2019t necessarily coincide with the whims and wishes of their owners.<\/p>\n<p>Of the new things we learned from this season of The Mandalorian, we now know how droids get their software updates. It turns out, they visit bars to get updated\u2026 through booze! (I guess that makes a good excuse when asked \u201cwhy are you drunk again?\u201d: \u201cJust updating, darling!\u201d) The bars serve the drink Nepenthe, which is a lubricant for protection against mechanical wear-and-tear mixed with subparticles delivering programming updates and new commands from the mainframe. 
Truth be told, this doesn\u2019t seem very safe: droids operate in almost every corner of the galaxy, while it\u2019s the first time ever we see a bar for them. Still, at least now we know they can get any updates at all!<\/p>\n<h2>Assassin droid IG-11<\/h2>\n<p>Toward the end of Season 1, the rehabilitated assassin droid IG-11\u00a0\u2014 while surrounded by the Imperials\u00a0\u2014 declared that, according to his manufacturer\u2019s protocols, he should never be captured by the enemy, and so activated self-destruction. In theory, this is a good idea: it was designed not only to protect the information in the droid\u2019s memory, but also to prevent turning the droid against the original owner.<\/p>\n<p>However, there\u2019s one problem: poor implementation of this self-destruct mechanism. In the third season, the lead character decides to reactivate his fallen comrade-in-arms. And it comes to light that this is quite doable! Moreover, even though the machine has lost plenty of its marbles, some scraps of information are still there\u00a0\u2014 for example, it can still quote subparagraph 16 of the Bondsman Guild protocol. This vividly demonstrates how the self-destruct mechanism is not to be trusted with emergency data destruction: it\u2019s not so reliable.<\/p>\n<h2>Astromech droid R5-D4<\/h2>\n<p>R5-D4 is a distinguished droid. He\u2019s one of the first defective droids we see in the Star Wars universe ever. R5 is there from the very first (fourth) episode of Star Wars, when he was passed over for purchase by Luke Skywalker from Jawas due to a motivator malfunction. In the third season of The Mandalorian, the droid is foisted upon the series\u2019 namesake as a co-pilot and to explore the planet of Mandalore \u2014 mostly destroyed by war. 
However, it turns out that R5 doesn\u2019t show a great deal of respect for ownership rights, and stays true to his former masters\u00a0\u2014 ex-rebels, now New Republic pilots.<\/p>\n<p>We never find out whether this is due to the astromech\u2019s default functionality or a repercussion of software modification carried out by the rebels, but R5-D4 is able to access information networks and gain control of Imperial security systems. But that\u2019s not what should concern us: after all, he does this in his owner\u2019s interests. What\u2019s more troubling is that one fine day he leaks the Mandalorians\u2019 <a href=\"https:\/\/starwars.fandom.com\/wiki\/Covert\" target=\"_blank\" rel=\"nofollow noopener\">covert<\/a> coordinates to his former war buddy. Furthermore, when Captain Teva decides to seek out the Mandalorians\u2019 hiding place, he hardly goes and talks to all the droids he knows. Which means R5 keeps reporting his whereabouts to his Rebel friends and spies on his owners.<\/p>\n<h2>Reprogrammed droids from Plazir-15<\/h2>\n<p>The planet Plazir-15 is a world where people don\u2019t work\u00a0\u2014 all their labor-consuming jobs are done by reprogrammed Imperial and separatist droids. Let\u2019s leave aside the question of why other worlds don\u2019t live the same way, while the New Republic persists in scrapping Imperial equipment. Most of the time repurposed droids are grateful for a second chance, because otherwise they\u2019d be disassembled. And yet the planet constantly faces droid-related incidents\u00a0\u2014 from minor sabotage to direct assaults on humans.<\/p>\n<p>The lead character undertakes an incident-response-team role to investigate the recent series of incidents, and discovers that the droids\u2019 software has been tampered with. 
And the tampering was accomplished by poisoning the above-mentioned update delivery mechanism: in one of the batches of Nepenthe, subparticles were replaced with nano-droids that reprogram the drinkers to force them to inflict harm upon humans and their property. Yet another reason to doubt the reliability of this firmware update mechanism.<\/p>\n<p>However, it\u2019s not at all difficult to find the culprit. Commissioner Helgait, head of security in charge of the local SOC, is also a hacktivist. But this (so-called) colleague of ours went and left a financial trail by ordering nano-droids from the local information-security office under his own name (despite being <em>head<\/em> of <em>security<\/em>!). At least he was smart enough to create a mechanism to roll reprogrammed battle droids back to a separatist firmware version; only problem \u2014 he failed to actually use the mechanism for lack of time.<\/p>\n<h2>Cybersecurity status of the main factions<\/h2>\n<p>All in all, there\u2019s one word to describe the developments in the information security policies of both the New Republic and the Imperial remnants, and the word is <em>degradation<\/em>.<\/p>\n<h3>New Republic<\/h3>\n<p>The New Republic is actively trying to integrate former Imperial servants into society. No doubt, it was a commendable initiative. However, it\u2019s not the most prudent decision of all to give folks who\u2019d fought on the enemy side less than a year ago access to any secret information. But this bothers no one: Moff Gideon\u2019s (bad guy) former communications officer (bad guy) can be seen walking up and down the office of Colonel Tuttle (good guy) \u2014 in charge of distributing military aid to the Republican worlds. 
Meanwhile a former Imperial scientist is taking stock of discarded Imperial assets.<\/p>\n<p>The situation is bad from any angle:<\/p>\n<ul>\n<li>There\u2019s an Imperial probe droid hovering in the middle of Coruscant (the Republic\u2019s capital), which maintains direct interplanetary video communication between the Imperials and their spies.<\/li>\n<li>Within the limits of the city (yeah, the whole planet is actually within the limits of the city, but still) there sits, quite unguarded, an Imperial capital ship\u00a0\u2014 anyone can walk right in and borrow some tools that aren\u2019t quite legal.<\/li>\n<li>The \u201cmental rehabilitation\u201d procedure for victims of Imperial propaganda isn\u2019t secured at all: Republic officers leave a perfect stranger at the Six-O-Two Mitigator\u2019s control panel, even though manipulations with it can harm the patient or compromise the procedure.<\/li>\n<\/ul>\n<h3>Imperial remnants<\/h3>\n<p>The last two episodes present us with an opportunity to look at an Imperial base in the ruins of Mandalore. And it looks like the base was designed by someone with a very strange outlook on security. The base has a full-fledged information security and communications center, from which local specialists can track the movements of outsiders on the base map and connect to Imperial commanders stationed on other bases. As you would expect, the important information systems have strong physical security measures: to reach the center one has to pass a corridor with multiple force fields with Imperial stormtroopers posted in-between. But, believe it or not, the center has another door, which leads to a hangar with access to the surface of the planet! And that door isn\u2019t guarded at all! 
Which kind of casts doubts as to the reliability of the overall access security system.<\/p>\n<p>Other than that, there are the standard Imperial key system security screw-ups:<\/p>\n<ul>\n<li>The control panel that controls the cloning facility can be accessed without any authentication whatsoever\u00a0\u2014 sabotage it all you can.<\/li>\n<li>Scattered all over the base are ports for external droid interfaces, through which a totally unauthenticated droid can not only deactivate the force fields blocking the corridor, but also put out of action the fields\u2019 regular controls. Come on, Imperials, didn\u2019t you have the <a href=\"https:\/\/www.kaspersky.com\/blog\/star-wars-cybersecurity-problems\/6392\/\" target=\"_blank\" rel=\"noopener nofollow\">Death Star hacked<\/a> the same way less than 10 years ago? Wasn\u2019t there enough time to devise some countermeasures and add some security updates?<\/li>\n<\/ul>\n<h2>Ship control interception mechanism<\/h2>\n<p>There was one more incident on Plazir-15\u00a0\u2014 not very prominent but quite an alarming one. The local traffic control center somehow managed to take control over a Mandalorian spaceship during its landing approach. A rational arrangement in theory: it\u2019s better to have the landing controlled by someone with local landscape knowledge. But on a practical level, the very existence of such a technology on a combat ship is a threat. 
One day it\u2019s going to be exploited in a combat situation to crash the starfighter on the surface of the planet or into another spaceship.<\/p>\n<h2>How to avoid a fair share of these problems<\/h2>\n<p>The trouble with droids and spaceships could have been avoided if their information systems were based on a <a href=\"https:\/\/os.kaspersky.com\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=ae_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=ae_kdaily_organic_svfgv92uamkzgs1\" target=\"_blank\" rel=\"noopener nofollow\">cyber-immune operating system<\/a>. That would make droids, despite their wishes to the contrary or external commands, unable to perform any actions unless specifically sanctioned by the owner\u2019s programming. Other than that, officers of the Empire and the Republic alike would be far better off with regular <a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">modern cybersecurity awareness<\/a> training.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As per tradition, on May 4, we review the status of cybersecurity in a galaxy far, far 
away.<\/p>\n","protected":false},"author":700,"featured_media":21028,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[1765,1767,2047],"class_list":{"0":"post-21027","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-mtfbwy","10":"tag-star-wars","11":"tag-truth"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mandalorian-season-3-cybersecurity\/21027\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/mandalorian-season-3-cybersecurity\/25608\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mandalorian-season-3-cybersecurity\/28239\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mandalorian-season-3-cybersecurity\/25907\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mandalorian-season-3-cybersecurity\/26264\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mandalorian-season-3-cybersecurity\/28742\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mandalorian-season-3-cybersecurity\/35259\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mandalorian-season-3-cybersecurity\/48070\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/mandalorian-season-3-cybersecurity\/20499\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mandalorian-season-3-cybersecurity\/30068\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mandalorian-season-3-cybersecurity\/26246\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mandalorian-season-3-cybersecurity\/31915\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mandalorian-season-3-cybersecurity\/31598\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/mtfbwy\/","na
me":"MTFBWY"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=21027"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21027\/revisions"}],"predecessor-version":[{"id":21029,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/21027\/revisions\/21029"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/21028"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=21027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=21027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=21027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}