DEV Community

Cover image for ๐Ÿšจ Robotic devices can be hijacked through cryptographic failures in encryption
Cossack Labs
Cossack Labs

Posted on

3 3 1 1

๐Ÿšจ Robotic devices can be hijacked through cryptographic failures in encryption

You can often hear security engineers saying โ€œdo not design your cryptosystems, especially if you donโ€™t know anything about themโ€. Nah, ignore it. What can really go wrong?

Imagine you have a radio-controlled โ€‹๐Ÿš—โ€‹๐Ÿ’จโ€‹ toy car.

Itโ€™s very popular and has an open-source firmware with a large community around. Your car uses secure protocol to communicate with remote control and can drive on a long distance.

Is it protected from the hijackers now? Well, we doubt a lot ๐Ÿค”, as crypto bugs can sit in the code invisibly until itโ€™s too late to notice them.

What can happen?

๐Ÿ”˜ Static IV in CBC fails to achieve probabilistic encryption
๐Ÿ”˜ AES-CBC Padding Oracle attack
๐Ÿ”˜ AES-CTR is broken using fixed nonce
๐Ÿ”˜ Encrypted messages integrity is not protected
๐Ÿ”˜ Side channels and replay attacks
๐Ÿ™€ and thatโ€™s still not all folks.

Read our new article ๐Ÿ‘‰ Cryptographic failures in RF encryption allow stealing robotic devices ๐Ÿ‘ˆ and play interactive demo games to learn how your robotic devices can be stolen from you by someone with a radio antenna.

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (0)

๐Ÿ‘‹ Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Communityโ€”every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple โ€œthank youโ€ goes a long wayโ€”express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay