Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

4/17/2020
11:30 AM
Curtis Franklin Jr.
Curtis Franklin Jr.
Edge Features
50%
50%

Cybersecurity Home-School: The Robot Project

This fun project can teach your homebound children and teens about cybersecurity (and keep them occupied for at least a little while).

So here we sit at home, hopefully enjoying a long spell of enforced togetherness with our loved ones. If those loved ones include children, then our houses have also become classrooms. That means pulling lessons together — and what better lesson to teach than cybersecurity?

Here at Dark Reading we aim to provide useful information for our readers, no matter where they're spending their working hours. With that in mind, we put the word out that we were looking for projects that could teach useful cybersecurity lessons with a bit of fun mixed in, and people have begun to respond. Today's project features cybersecurity and robots, and it can teach a wide variety of lessons about each.

Before we get to the project, a request for the reader: If you have created a project to teach cybersecurity lessons to young people, we'd love to hear from you. If it's inexpensive, allthe better, but nothing is out of bounds as long as it teaches something useful and is enough fun to keep kids interested.

An Insecure Robot
Travis Smith is principal security researcher at Tripwire. One part of his job involves working with interns brought into the company each year. These interns, most of whom are high school students, come to the company to learn, but Smith says that many also bring important knowledge with them.

"Every year we have interns we hire for the summer, typically out of high school, often members of the First Robotic club. They tend to be familiar with the hardware side and less with the software," he says.

To help kick-start the interns' software skills and build on their robotics knowledge, Smith purchased a smart video car kit from Amazon, along with a Raspberry Pi that serves as the car's intelligence. The total investment at this point was a bit less than $150.

Smith says that the interns built the car, loaded the necessary software for its control, and began driving it around the office. After they had some fun (including crashing the car into the CEO's feet), Smith began the next step of the project.

"We taught them how to break into it and control it — it had no encryption or authentication," Smith says. The basic tool used to understand the network traffic is WireShark, one of the foundational tools in most researchers' toolkits. Since the car is controlled via Wi-Fi, Smith says that the interns were able to watch the traffic flowing between the controller and car.

Once they saw that, they were able to start breaking into the control conversation, spoofing the controller's ID, and taking over control of the car. And when they were able to do that, Smith moved them into the third portion of the project — defending the car against attack.

"We taught them to break into it as it was, and then they switched to defending it, adding strong passwords, encryption, and similar features," Smith says.

Then came the final piece of the project. "On the last day of the internship, we brought our researchers and engineers into a conference room and spent three hours trying to break into the robot. The first year we failed," he says, leading to great celebration on the interns' part.

The next time, though, came a "teachable moment." "The second year we were 2:55 into it, we had an intern who had beat us, and he left the room to call his mom to share his victory," Smith explains.

Unfortunately, when the intern left the room he left his notebook open on the table — and all of his passwords were written on the pages of the notebook. The researchers weren't above some physical-layer snooping, so they took his passwords, broke into the robot, and won the day.

The intern was crushed when he returned, but "I'll bet he never writes his passwords down again," Smith says.

This is the sort of project that can easily become a repeatable capture-the-flag sort of game between players or groups, and it can take young people as deeply into device security as they want to go. It's a security project that keep on giving for a long time to come.

Related Content:

 

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

 

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MarissaHess
50%
50%
MarissaHess,
User Rank: Apprentice
8/28/2020 | 3:36:24 AM
Re: my opinion
Keep it up
   OVER THE EDGE
A Swift Reminder About Cybersecurity

Source: The Security Awareness Company

What security-related videos have made you laugh? Let us know! Add them to the Comments section or email us at [email protected].

Name That Toon: Masks and Manners
Flash Poll