Star Wars is a great movie. But if the Death Star had run a security audit, it would have been a lot shorter… and the Rebel Alliance would have lost.
I admit, when I first watched Star Wars as a five-year-old, I wasn’t thinking about the Internet of Things. All I knew was that I had a tiny robot named C-3PO in my toy collection, and his movie counterpart was having great space adventures. I was a little blond boy who dressed up as Luke Skywalker (got 2nd place in a look-alike contest at the mall), had spaceship wallpaper in his bedroom, and took a love of sci-fi all the way through two engineering degrees and a career in the technology industry. I’ve met Anthony Daniels, the man inside that C-3PO suit. I even parodied a Taylor Swift song as a tribute for the new movie.
Yeah, I’m that nerd. Which is why I have a new hope that someone in a galaxy far, far away solved all the computer security issues the Empire had a long, long time ago. Otherwise, the Empire’s IT staff will get struck when The Force Awakens returns Jedi to theaters this week.
If you think your workplace has a terrible BYOD policy, try working on the Death Star… where the “D” stands for “Droids” and they can connect to practically anything on the station. Anything. I applaud the Empire’s ability to solve universal connectivity long before Earthlings managed to develop USB-C, but knowing that a computer can just roll itself up to any old terminal should make them think harder about their network security policies.
I know it’s silly to over-analyze a movie by the producer of Howard the Duck as a lesson on computer security. Yes, the whole “fly to Alderaan” thing could have been avoided if Princess Leia’s OneDrive account had more free space… but let’s assume she didn’t have in-flight Wi-Fi. I want to focus on the garbage compactors.
Yes, garbage compactors. Apparently, the Galactic Empire will reduce your planet to rubble at the drop of a hat, but they care about littering. The garbage compactor is a silly thing connected to the corporate network because someone’s boss thought it needed to be there. Obviously, it’s not as important as the tractor beam, which was wisely disconnected from remote network access, precariously perched on a guarded walkway without any safety railing.
The garbage compactor, like the Death Star’s prisoner database, is an easy target for hacking. Nobody thinks it’s an important system until after several (literally) stinking criminals use it to escape with your trade secrets. It’s the exact thing a modern hacker looks for – weak encryption, unsigned firmware images, open network ports, default admin passwords, legacy systems that don’t apply security patches… the exhaust port of your IoT system.
I know you’re all distracted at work this week with making plans to camp out and see Star Wars: Episode VII: The Force Awakens. Go forth, enjoy the film. When you get back to work next week, take an honest look at your IoT project, think like a rebel, and ask one important security question…
WWR2D2D – What Would R2-D2 Do?
Then sit back and be glad you’re not inside that trash compactor, listening to Luke whine about how he’s going to die. It’s not a good way to go (especially if you’re Han, Chewie or Leia).