Cybersecurity At 1:16th Scale
Raytheon hacks into model truck in creative cybersecurity demonstration
Raytheon engineers hacked into a radio-controlled model truck to show how the company's technology can pinpoint vulnerabilities and fight off a cyber attack.
The demonstration, held by Raytheon's Cyber Operations and Development Evaluation (CODE) center, took place at the Association of the U.S. Army (AUSA) Annual Meeting and Exposition in Washington, D.C.
“We could’ve shown customers a 36-page slideshow that showcases the CODE center’s capabilities,” said Scott Harlan, the Raytheon engineer who will drive the R.C. vehicle at AUSA. “But this car’s way cooler.”
While hacking an R.C. truck may seem innocuous, the vulnerabilities Raytheon engineers exploit to manipulate a toy mirror those cyber criminals could exploit to gain access to real-world systems.
Last year, a 14-year-old hacked a car's computer during the Battelle CyberAuto Challenge in Troy, Michigan, allowing him to activate the remote starter, the windshield wipers and the horn – with a device he built in less than a night, using $15 in electronics store parts. The hack was a strong reminder that every item connected to the Internet of Things – from military systems to mobile devices to vehicles – must be protected.
“Much of the public thinks that cyber vulnerabilities only exist on their PCs or cell phones,” said Steve Rosenblum, senior director of the CODE center. “But in today’s Internet of Things, anything with an IP address or wireless connectivity – including smart TVs, new cars, thermostats, door locks and now even watches – can be hacked if it isn’t secure.”
Raytheon began the demonstration with a command and control attack.
“We’ll be adding state-of-the-art sensors including video cameras, telemetry, GPS, radios and other electronic equipment to the platform, which will be potential vectors for cyber attacks,” Harlan said. “For example, we’ll be able to exploit GPS hardware to show the driver they’ve reached a waypoint by displaying pre-recorded footage. But in reality, we’ll have commandeered the vehicle.”
“We could even show an episode of Baywatch if we wanted,” Harlan said.
After Raytheon’s cyber ranges identify exploits, their Electronic Armor anti-tamper solution can prevent reverse engineering, modification and theft of critical information found in computer software and firmware.
“Electronic Armor solution has tamper detection and a ‘penalty response,’” said Damon Hardy, a mission manager for Raytheon’s Centers of Innovation. “For example, if someone were to insert a thumb drive into a computer to steal data, Electronic Armor could respond by uploading decoy data, setting off alarms, encrypting or erasing the data, or ‘bricking’ the computer.”
Protecting Military Hardware and Systems
Raytheon requires that its military radars and weapons systems pass rigorous tests in real-world conditions. Bill Leigher, advanced solutions director at Raytheon’s Intelligence, Information and Services business, says cybersecurity technology must also meet rigorous standards.
“Raytheon is well aware of the many serious cyber threats in the world today,” said Leigher. “For many years, we’ve ensured that if our equipment comes under cyber attack, it will continue to work as advertised.”
As hackers and their tools become more sophisticated, their targets are expanding from military hardware to other connected items. Though electronics built in the '80s, '90s and '00s are still in use, they weren’t designed with cybersecurity in mind. This makes them prime candidates for cyber exploitation.
Rosenblum warned that equipment designed with protection against today’s threats may not be secure tomorrow. But he said Raytheon technology is designed to keep pace with adversaries that are constantly changing tactics and developing more sophisticated tools.
“Raytheon’s cyber-defenses are every bit as fluid and ever-changing,” he said.