DEV Community

Cover image for 🚨 Robotic devices can be hijacked through cryptographic failures in encryption
Cossack Labs
Cossack Labs

Posted on

🚨 Robotic devices can be hijacked through cryptographic failures in encryption

You can often hear security engineers saying β€œdo not design your cryptosystems, especially if you don’t know anything about them”. Nah, ignore it. What can really go wrong?

Imagine you have a radio-controlled β€‹πŸš—β€‹πŸ’¨β€‹ toy car.

It’s very popular and has an open-source firmware with a large community around. Your car uses secure protocol to communicate with remote control and can drive on a long distance.

Is it protected from the hijackers now? Well, we doubt a lot πŸ€”, as crypto bugs can sit in the code invisibly until it’s too late to notice them.

What can happen?

πŸ”˜ Static IV in CBC fails to achieve probabilistic encryption
πŸ”˜ AES-CBC Padding Oracle attack
πŸ”˜ AES-CTR is broken using fixed nonce
πŸ”˜ Encrypted messages integrity is not protected
πŸ”˜ Side channels and replay attacks
πŸ™€ and that’s still not all folks.

Read our new article πŸ‘‰ Cryptographic failures in RF encryption allow stealing robotic devices πŸ‘ˆ and play interactive demo games to learn how your robotic devices can be stolen from you by someone with a radio antenna.

Discussion (0)