Categories: Cyber Security News

Severe Bugs in U.S.Military Fighter Jet Let Hackers Takes Sensitive Controls while Jet Flying

A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems.

The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft Information Download Station (TADS), a $20,000 device that collects data from video cameras and sensors while jets are in flight.

Ethical hackers were tried to exploit the system using various form of attacks such as injecting the system with malware, and even going at it with pliers and screwdrivers, Will Roper, the Air Force’s official said to Washington post.

The same hackers also tried to find the vulnerabilities in Air Force, but they failed, and the same team of hackers tired similar tests in November without actually touching the device.

Until last year, U.S military would not be allowed anyone to touch the extremely sensitive equipment and find the vulnerabilities.

But this year, the Air Force convinced that unless it allows America’s best hackers to search out all the digital vulnerabilities in its planes and weapons systems, there are chances that most dangerous hackers from Russia, Iran and North Korea will find and exploit those vulnerabilities first.

Roper also pointed that “There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,”

Synack, a cybersecurity firm that offers Pentagon third-party vulnerability testing services were brought all these 7 ethical hackers to Vegas to find the vulnerabilities in TADS devices.

U.S Defense announced a first hacking competitions in 2016 under the name of ” “Hack the Pentagon” and later moment they launched  “Hack the Air Force.” in which any one can participate but targeting systems are limited such as included only public-facing hacking targets such as military service websites and apps.

After that, U.S defense opens more sensitive systems and allowed a very small number of highly skilled hacking to test the system by signing a nondisclosure agreement.

According to the DDS(Defense Digital Service) director Brett Goldstein, “hackers allowed this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.”

Its time to advised to Air Force vendors build better software and hardware security controls into their planes and weapon system to eliminate the burden for the Air Force to avoid spending time with backend cybersecurity. Roper said to Joseph Marks, A Washington Post reporter.

Also, he said ” In next year Def Con conference, he wishes to bring the hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane “

Hackers will also be allowed to test the ground control system for an operational military satellite, and if there will be any successful attempt that breaks the system, then it would be a great chance to protect it before it exploits by other malicious hackers. Roper said.

Due to security and privacy reasons, discovered vulnerabilities and related details are not disclosed in public.

Sponsored:  – Manage all the Endpoint networks from a single Console.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

1 day ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

2 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

2 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

2 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

2 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

2 days ago