You are here

RedBox: Red Team in a Box

Award Information
Agency: Department of Defense
Branch: Navy
Contract: N68335-20-C-0094
Agency Tracking Number: N182-131-0276
Amount: $2,499,879.00
Phase: Phase II
Program: SBIR
Solicitation Topic Code: N182-131
Solicitation Number: 18.2
Timeline
Solicitation Year: 2018
Award Year: 2020
Award Start Date (Proposal Award Date): 2019-12-10
Award End Date (Contract End Date): 2023-06-15
Small Business Information
1855 1st Ave #103
San Diego, CA 92101-0000
United States
DUNS: 828934914
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Ulrich Lang
 CEO
 (650) 515-3391
 ulrich.lang@objectsecurity.com
Business Contact
 Ulrich Lang
Phone: (650) 515-3391
Email: ulrich.lang@objectsecurity.com
Research Institution
N/A
Abstract

Human red team experts for conducting vulnerability assessments on Navy systems are scarce and expensive, especially for embedded (incl. cyber-physical) systems. Our core hypothesis in Phase I was that it is feasible to develop a portable, automated device (“RedBox”) usable by non-expert users (e.g. sailors on a ship) that can automatically carry out vulnerability assessments of embedded devices and cyber-physical devices that may not be connected to any internet protocol (IP) network or power outlet, but may have embedded system interfaces (UART, CAN, etc.) – and automatically generate reports. Navy requires such a device. In Phase II we propose, in line with the solicitation, that we develop a fully functioning handheld/portable appliance prototype capable of interfacing with multiple types of embedded/cyber-physical systems with various types of connections – and demonstrate the device can be used by non-experts and is capable of providing intuitive insights into potential zero-day vulnerabilities. RedBox automatically probes embedded ports, extracts and analyzes firmware/software, carries out penetration tests, generates detailed reports, and uses artificial intelligence to intelligently and adaptively select the most beneficial vulnerability assessment step sequence.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government