[Warning: this post contains spoilers for Star Trek Beyond]
Star Trek Beyond released last month and, whether you enjoyed it or not, the movie introduced all sorts of cool sci-fi technology (hello, Yorktown!) while sticking to many typical Trek tropes (was that a shout-out to EPS conduits?). It struck a nice balance of new vs. old but, amidst a slew of plot points driven by technological failings, a curious question emerged: why is this happening in 2263? We’ve come pretty close to solving some of these issues in 2016!
Let’s drill into a key twist towards the final showdown, involving the type of cybersecurity failure that’s so often found in the stories of Star Trek.
The villain of the story, a rather menacing-looking fellow named Krall, commands a gigantic fleet of indestructible drone ships that wreak havoc throughout the movie. By the end, it seems our heroes have no way to stop this unstoppable swarm. The solution, in classic Trek fashion, isn’t to use phasers or photon torpedoes; rather, it’s to have our heroes research, hypothesize, and test the only possible option in a trial by fire. In this case, the swarm ships literally catch fire and explode as our crew transmits the classic 1994 song “Sabotage” over VHF radio, disrupting their communications and their ability to exist. Because reasons.
So let’s hypothesize what happened and potentially explain one flavor of the “treknobabble,” rabbit-out-of-the-hat solution that has recurred over the past 50 years of Star Trek storytelling.
VHF-based attacks can occur today, injecting fake data into a receiver. Can they cause alien swarm ships to explode? Perhaps if they were architected like many of today’s automobiles, with multiple potential attack surfaces.
As Charlie Miller and Chris Valasek explained in their report at Black Hat 2015, A Survey of Automotive Attack Surfaces, safety-critical attacks generally require three stages.
“The first stage consists of an attacker remotely gaining access to an internal automotive network. This will allow the attacker to inject messages into the car’s networks, directly or indirectly controlling the desired ECU.”
According to Scotty and Dr. McCoy’s surreptitious research aboard a captured drone ship, the alien communications network could be disrupted by VHF transmissions. To get the results as shown on screen, let’s take this to mean that they used VHF radio to gain access to the drones’ internal networks. But this doesn’t mean access was granted to safety-critical systems, such as weapons or engines – that’s the next stage.
Beyond the screen
“A cyber physical attack usually requires a second step which involves injecting messages onto the internal automotive network in an attempt to communicate with safety critical ECUs, such as those responsible for steering, braking, and acceleration.”
Here’s where we take a leap off the pages of the script and assume Scotty worked his usual magic to inject some malicious messages into the drone ships’ networks. Perhaps a command to “overload the reactors” or “sleep,” like in the similarly explosive finale of this classic TNG episode.*
Now, in many of today’s architectures, safety-critical components aren’t directly connected to general-purpose networks. If Krall’s ships were the same, poor Scotty would also have to bridge from less privileged systems to the critical ones. But if Scotty can send the Enterprise back in time without going up in “the biggest ball of fire since the last sun in these parts exploded,” he can certainly do this.
“The final step is to make the target ECU behave in some way that compromises vehicle safety.”
With access to safety-critical systems, we now have to take the biggest leap of faith: Scotty reverse-engineering network messages on the fly to determine the correct commands to initiate a catastrophic event.
Within the runtime of “Sabotage.”
Probably right when Ad-Rock says “You’ll shut me down with a push of your button?”
For all the thousands of drone ships.
Except Krall’s – he has to fight Kirk later.
Then again … Scotty is a Miracle Worker.
Back to reality, sort of. Given that we have techniques today to prevent these sorts of remote attacks (minimizing attack surfaces through architecture, strong message cryptography, input validation, and live attack detection, to name a few), the biggest story stretch here is how this can even be an issue two hundred years from now.
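As an added illustration of those four mitigations (this is example code written for this post, not code from the original article or from Miller and Valasek’s report), here is a toy gateway sitting between a general-purpose segment and the safety-critical segment. The key, message IDs, frame layout and rate limit are all constructed for the example.

```python
import hmac, hashlib, struct
from collections import defaultdict

# Constructed demo key shared by the gateway and the safety-critical ECUs (not a real secret)
KEY = b"constructed-demo-key-not-a-real-secret"
# Architecture: only these IDs may cross from the general-purpose segment; 0x200 ("setpoint") is never bridged
ALLOWED_IDS = {0x100}
MAX_RATE = 5  # frames per tick per ID before the live detector flags a flood

def mac(msg_id, counter, payload):
    # Truncated HMAC over ID, monotonic counter and payload (strong message cryptography)
    return hmac.new(KEY, struct.pack(">HI", msg_id, counter) + payload, hashlib.sha256).digest()[:8]

def build_frame(msg_id, counter, payload):
    return (msg_id, counter, payload, mac(msg_id, counter, payload))  # legitimate sender

class Gateway:
    def __init__(self):
        self.last_counter, self.seen, self.alerts = {}, defaultdict(int), []

    def bridge(self, frame, tick):
        msg_id, counter, payload, tag = frame
        # 1. architecture: drop anything not explicitly allowed across the boundary
        if msg_id not in ALLOWED_IDS:
            self.alerts.append((tick, "blocked_id", msg_id)); return False
        # 2. cryptography: constant-time check of the authentication tag
        if not hmac.compare_digest(tag, mac(msg_id, counter, payload)):
            self.alerts.append((tick, "bad_mac", msg_id)); return False
        # 3. input validation: reject replayed or stale counters
        if counter <= self.last_counter.get(msg_id, -1):
            self.alerts.append((tick, "replay", msg_id)); return False
        # 4. live detection: flag an ID that suddenly floods the bus
        self.seen[(tick, msg_id)] += 1
        if self.seen[(tick, msg_id)] > MAX_RATE:
            self.alerts.append((tick, "flood", msg_id)); return False
        self.last_counter[msg_id] = counter
        return True

def demo():
    gw, results = Gateway(), {}
    results["legit"] = gw.bridge(build_frame(0x100, 1, b"\x01"), tick=0)
    results["replay"] = gw.bridge(build_frame(0x100, 1, b"\x01"), tick=1)       # same frame again
    results["unbridged_id"] = gw.bridge(build_frame(0x200, 2, b"\xff"), tick=1)  # never crosses
    results["forged"] = gw.bridge((0x100, 2, b"\x02", b"\x00" * 8), tick=1)      # injected, no key
    flood = [gw.bridge(build_frame(0x100, c, b"\x01"), tick=2) for c in range(10, 17)]
    results["flood_accepted"] = sum(flood)  # only MAX_RATE frames get through in one tick
    return results, gw.alerts
```

Each rejected frame leaves an alert the detection side can act on, which is the part of the picture Krall’s engineers apparently skipped.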
One must assume this backwards alien society wasn’t using static code analysis, of course.
* The very last episode of the very best Star Trek series.