Categories: Cyber Security News

Severe Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while Jet Flying

A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems.

The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft Information Download Station (TADS), a $20,000 device that collects data from video cameras and sensors while jets are in flight.

Ethical hackers were tried to exploit the system using various form of attacks such as injecting the system with malware, and even going at it with pliers and screwdrivers, Will Roper, the Air Force’s official said to Washington post.

The same hackers also tried to find the vulnerabilities in Air Force, but they failed, and the same team of hackers tired similar tests in November without actually touching the device.

Until last year, U.S military would not be allowed anyone to touch the extremely sensitive equipment and find the vulnerabilities.

But this year, the Air Force convinced that unless it allows America’s best hackers to search out all the digital vulnerabilities in its planes and weapons systems, there are chances that most dangerous hackers from Russia, Iran and North Korea will find and exploit those vulnerabilities first.

Roper also pointed that “There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,”

Synack, a cybersecurity firm that offers Pentagon third-party vulnerability testing services were brought all these 7 ethical hackers to Vegas to find the vulnerabilities in TADS devices.

U.S Defense announced a first hacking competitions in 2016 under the name of ” “Hack the Pentagon” and later moment they launched  “Hack the Air Force.” in which any one can participate but targeting systems are limited such as included only public-facing hacking targets such as military service websites and apps.

After that, U.S defense opens more sensitive systems and allowed a very small number of highly skilled hacking to test the system by signing a nondisclosure agreement.

According to the DDS(Defense Digital Service) director Brett Goldstein, “hackers allowed this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.”

Its time to advised to Air Force vendors build better software and hardware security controls into their planes and weapon system to eliminate the burden for the Air Force to avoid spending time with backend cybersecurity. Roper said to Joseph Marks, A Washington Post reporter.

Also, he said ” In next year Def Con conference, he wishes to bring the hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane “

Hackers will also be allowed to test the ground control system for an operational military satellite, and if there will be any successful attempt that breaks the system, then it would be a great chance to protect it before it exploits by other malicious hackers. Roper said.

Due to security and privacy reasons, discovered vulnerabilities and related details are not disclosed in public.

Sponsored:  – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago