Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

This fun project can teach your homebound children and teens about cybersecurity (and keep them occupied for at least a little while).

So here we sit at home, hopefully enjoying a long spell of enforced togetherness with our loved ones. If those loved ones include children, then our houses have also become classrooms. That means pulling lessons together — and what better lesson to teach than cybersecurity?

Here at Dark Reading we aim to provide useful information for our readers, no matter where they're spending their working hours. With that in mind, we put the word out that we were looking for projects that could teach useful cybersecurity lessons with a bit of fun mixed in, and people have begun to respond. Today's project features cybersecurity and robots, and it can teach a wide variety of lessons about each.

Before we get to the project, a request for the reader: If you have created a project to teach cybersecurity lessons to young people, we'd love to hear from you. If it's inexpensive, allthe better, but nothing is out of bounds as long as it teaches something useful and is enough fun to keep kids interested.

An Insecure Robot
Travis Smith is principal security researcher at Tripwire. One part of his job involves working with interns brought into the company each year. These interns, most of whom are high school students, come to the company to learn, but Smith says that many also bring important knowledge with them.

"Every year we have interns we hire for the summer, typically out of high school, often members of the First Robotic club. They tend to be familiar with the hardware side and less with the software," he says.

To help kick-start the interns' software skills and build on their robotics knowledge, Smith purchased a smart video car kit from Amazon, along with a Raspberry Pi that serves as the car's intelligence. The total investment at this point was a bit less than $150.

Smith says that the interns built the car, loaded the necessary software for its control, and began driving it around the office. After they had some fun (including crashing the car into the CEO's feet), Smith began the next step of the project.

"We taught them how to break into it and control it — it had no encryption or authentication," Smith says. The basic tool used to understand the network traffic is WireShark, one of the foundational tools in most researchers' toolkits. Since the car is controlled via Wi-Fi, Smith says that the interns were able to watch the traffic flowing between the controller and car.

Once they saw that, they were able to start breaking into the control conversation, spoofing the controller's ID, and taking over control of the car. And when they were able to do that, Smith moved them into the third portion of the project — defending the car against attack.

"We taught them to break into it as it was, and then they switched to defending it, adding strong passwords, encryption, and similar features," Smith says.

Then came the final piece of the project. "On the last day of the internship, we brought our researchers and engineers into a conference room and spent three hours trying to break into the robot. The first year we failed," he says, leading to great celebration on the interns' part.

The next time, though, came a "teachable moment." "The second year we were 2:55 into it, we had an intern who had beat us, and he left the room to call his mom to share his victory," Smith explains.

Unfortunately, when the intern left the room he left his notebook open on the table — and all of his passwords were written on the pages of the notebook. The researchers weren't above some physical-layer snooping, so they took his passwords, broke into the robot, and won the day.

The intern was crushed when he returned, but "I'll bet he never writes his passwords down again," Smith says.

This is the sort of project that can easily become a repeatable capture-the-flag sort of game between players or groups, and it can take young people as deeply into device security as they want to go. It's a security project that keep on giving for a long time to come.

Related Content:

 

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

 

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights