Friday, April 19, 2024

Severe Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while Jet Flying

A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems.

The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft Information Download Station (TADS), a $20,000 device that collects data from video cameras and sensors while jets are in flight.

Ethical hackers were tried to exploit the system using various form of attacks such as injecting the system with malware, and even going at it with pliers and screwdrivers, Will Roper, the Air Force’s official said to Washington post.

The same hackers also tried to find the vulnerabilities in Air Force, but they failed, and the same team of hackers tired similar tests in November without actually touching the device.

Until last year, U.S military would not be allowed anyone to touch the extremely sensitive equipment and find the vulnerabilities.

But this year, the Air Force convinced that unless it allows America’s best hackers to search out all the digital vulnerabilities in its planes and weapons systems, there are chances that most dangerous hackers from Russia, Iran and North Korea will find and exploit those vulnerabilities first.

Roper also pointed that “There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,”

Synack, a cybersecurity firm that offers Pentagon third-party vulnerability testing services were brought all these 7 ethical hackers to Vegas to find the vulnerabilities in TADS devices.

U.S Defense announced a first hacking competitions in 2016 under the name of ” “Hack the Pentagon” and later moment they launched  “Hack the Air Force.” in which any one can participate but targeting systems are limited such as included only public-facing hacking targets such as military service websites and apps.

After that, U.S defense opens more sensitive systems and allowed a very small number of highly skilled hacking to test the system by signing a nondisclosure agreement.

According to the DDS(Defense Digital Service) director Brett Goldstein, “hackers allowed this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.”

Its time to advised to Air Force vendors build better software and hardware security controls into their planes and weapon system to eliminate the burden for the Air Force to avoid spending time with backend cybersecurity. Roper said to Joseph Marks, A Washington Post reporter.

Also, he said ” In next year Def Con conference, he wishes to bring the hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane “

Hackers will also be allowed to test the ground control system for an operational military satellite, and if there will be any successful attempt that breaks the system, then it would be a great chance to protect it before it exploits by other malicious hackers. Roper said.

Due to security and privacy reasons, discovered vulnerabilities and related details are not disclosed in public.

Sponsored: Best Practices to Strengthen Cyber Security – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles