RedBox: Red Team in a Box

Human red team experts for conducting vulnerability assessments on Navy systems are scarce and expensive, especially for embedded (incl. cyber-physical) systems. Our core hypothesis in Phase I was that it is feasible to develop a portable, automated device (“RedBox”) usable by non-expert users (e.g. sailors on a ship) that can automatically carry out vulnerability assessments of embedded devices and cyber-physical devices that may not be connected to any internet protocol (IP) network or power outlet, but may have embedded system interfaces (UART, CAN, etc.) – and automatically generate reports. Navy requires such a device. In Phase II we propose, in line with the solicitation, that we develop a fully functioning handheld/portable appliance prototype capable of interfacing with multiple types of embedded/cyber-physical systems with various types of connections – and demonstrate the device can be used by non-experts and is capable of providing intuitive insights into potential zero-day vulnerabilities. RedBox automatically probes embedded ports, extracts and analyzes firmware/software, carries out penetration tests, generates detailed reports, and uses artificial intelligence to intelligently and adaptively select the most beneficial vulnerability assessment step sequence.