Friday, November 1, 2024
HomeCyber Security NewsSevere Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while...

Severe Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while Jet Flying

Published on

Malware protection

A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems.

The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft Information Download Station (TADS), a $20,000 device that collects data from video cameras and sensors while jets are in flight.

Ethical hackers were tried to exploit the system using various form of attacks such as injecting the system with malware, and even going at it with pliers and screwdrivers, Will Roper, the Air Force’s official said to Washington post.

- Advertisement - SIEM as a Service

The same hackers also tried to find the vulnerabilities in Air Force, but they failed, and the same team of hackers tired similar tests in November without actually touching the device.

Until last year, U.S military would not be allowed anyone to touch the extremely sensitive equipment and find the vulnerabilities.

But this year, the Air Force convinced that unless it allows America’s best hackers to search out all the digital vulnerabilities in its planes and weapons systems, there are chances that most dangerous hackers from Russia, Iran and North Korea will find and exploit those vulnerabilities first.

Roper also pointed that “There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,”

Synack, a cybersecurity firm that offers Pentagon third-party vulnerability testing services were brought all these 7 ethical hackers to Vegas to find the vulnerabilities in TADS devices.

U.S Defense announced a first hacking competitions in 2016 under the name of ” “Hack the Pentagon” and later moment they launched  “Hack the Air Force.” in which any one can participate but targeting systems are limited such as included only public-facing hacking targets such as military service websites and apps.

After that, U.S defense opens more sensitive systems and allowed a very small number of highly skilled hacking to test the system by signing a nondisclosure agreement.

According to the DDS(Defense Digital Service) director Brett Goldstein, “hackers allowed this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.”

Its time to advised to Air Force vendors build better software and hardware security controls into their planes and weapon system to eliminate the burden for the Air Force to avoid spending time with backend cybersecurity. Roper said to Joseph Marks, A Washington Post reporter.

Also, he said ” In next year Def Con conference, he wishes to bring the hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane “

Hackers will also be allowed to test the ground control system for an operational military satellite, and if there will be any successful attempt that breaks the system, then it would be a great chance to protect it before it exploits by other malicious hackers. Roper said.

Due to security and privacy reasons, discovered vulnerabilities and related details are not disclosed in public.

Sponsored:  – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...