A group of seven Ethical hackers who were exclusively allowed to test the flight system for a U.S. military fighter jet, in result, they found severe vulnerabilities in critical F-15 fighter jet systems.
The flaws allowed them to take control of video cameras and sensors while the fighter jet on flying and completely shut down the Trusted Aircraft Information Download Station (TADS), a $20,000 device that collects data from video cameras and sensors while jets are in flight.
Ethical hackers were tried to exploit the system using various form of attacks such as injecting the system with malware, and even going at it with pliers and screwdrivers, Will Roper, the Air Force’s official said to Washington post.
The same hackers also tried to find the vulnerabilities in Air Force, but they failed, and the same team of hackers tired similar tests in November without actually touching the device.
Until last year, U.S military would not be allowed anyone to touch the extremely sensitive equipment and find the vulnerabilities.
But this year, the Air Force convinced that unless it allows America’s best hackers to search out all the digital vulnerabilities in its planes and weapons systems, there are chances that most dangerous hackers from Russia, Iran and North Korea will find and exploit those vulnerabilities first.
Roper also pointed that “There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,”
Synack, a cybersecurity firm that offers Pentagon third-party vulnerability testing services were brought all these 7 ethical hackers to Vegas to find the vulnerabilities in TADS devices.
U.S Defense announced a first hacking competitions in 2016 under the name of ” “Hack the Pentagon” and later moment they launched “Hack the Air Force.” in which any one can participate but targeting systems are limited such as included only public-facing hacking targets such as military service websites and apps.
After that, U.S defense opens more sensitive systems and allowed a very small number of highly skilled hacking to test the system by signing a nondisclosure agreement.
According to the DDS(Defense Digital Service) director Brett Goldstein, “hackers allowed this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.”
Its time to advised to Air Force vendors build better software and hardware security controls into their planes and weapon system to eliminate the burden for the Air Force to avoid spending time with backend cybersecurity. Roper said to Joseph Marks, A Washington Post reporter.
Also, he said ” In next year Def Con conference, he wishes to bring the hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane “
Hackers will also be allowed to test the ground control system for an operational military satellite, and if there will be any successful attempt that breaks the system, then it would be a great chance to protect it before it exploits by other malicious hackers. Roper said.
Due to security and privacy reasons, discovered vulnerabilities and related details are not disclosed in public.
Sponsored: Best Practices to Strengthen Cyber Security – Manage all the Endpoint networks from a single Console.