The cybersecurity of the Terminator

[harlan4096]

The latest Terminator movie is set to hit the big screen. According to its creators, its plot is a continuation of the seminal Terminator 2: Judgment Day, with all installments in-between relegated to an alternative branch of reality. In general, the idea of an AI rebellion is clearly an information security problem, so we decided to examine the movie’s cyberlandscape. Our focus will be on the first two films in the franchise.

The Terminator

Let’s get this out of the way: We have no issues with the Terminator itself. The metalhead strictly follows its programming and displays savvy and flair in tracking down Sarah Connor. Keep in mind that the first movie was released way back in 1984. In those days, computers were not as widespread as they are now, so from our perspective, the most interesting part is the final fight scene with the cyborg.

With hindsight, we find it remarkable that no one considered information systems security when designing the unnamed industrial enterprise. The facility where the expensive machines work has no protection whatsoever. The door to the premises from the street is made of glass. There is no security. The door to the production unit where the industrial robots are located has no lock — only a bolt on the inside. And the computers and control panels are right beside the entrance.

Also, in a bit of (intentional or not) product placement, by the entrance we get a clear shot of a control unit for the FANUC robot S-Model 0, Series F30, EDITION 005, manufactured by GMF Robotics. On eBay you can find documentation for this device (marked “For GMF internal use”), which can be used to learn how to sabotage the production process. Obviously, back in 1984 it would have been harder to get hold of such documentation. Then again, Kevin Mitnick managed to obtain far more secret information.

Slightly modifying the computer settings can achieve a lot — from sabotaging the workflow and bringing down the production unit, to adjusting the technological process to wreck the end product or cause it to fail during operation.

Terminator 2

In the second movie, we see far more computers and information systems — it’s 1991, after all. But that also means more security issues. Let’s start with the fact that somewhere off-screen, in the future, the rebels have reprogrammed the cyborg. It’s not clear why Skynet didn’t anticipate and block such a violation. But let’s proceed step by step.

Police car computer

An early scene shows how the liquid-metal terminator takes the form of a police officer and hijacks his car, in which there is a computer connected to the police network. Here’s the first bone to pick with the police information security team. Why does the computer not ask for authorization? Is a police car considered such a trusted zone that no one thought about it? It’s a head-scratcher, especially given that the police officers are constantly leaving their cars to run after criminals or question witnesses, and the network contains highly confidential information. Or did the officer simply forget to lock the computer when leaving the vehicle? In that case, we’d say that this law enforcement agency desperately needed cyberthreat awareness training for its personnel.

ATM robbery

Meanwhile, John Connor and his pal rob an ATM by connecting it to an Atari Portfolio PDA through the card slot. That diversion shows us that even without the Skynet rebellion, technology in the Terminator world is moving along an alternative path; in reality, it’s not possible to extract card data plus PINs from an ATM or from the card itself — or from anywhere else: ATMs do not contain card numbers, and there is no PIN on the card. Not to mention that the Atari Portfolio, with its 4.9152-MHz 80C88 CPU, is hardly the best tool for brute-forcing PINs.
...

Continue Reading