A recent investigation has revealed serious security vulnerabilities in the flight systems of F-15 fighter jets, used by the armed forces of countries such as Japan, Israel and the U.S., claim specialists in ethical hacking.
If exploited, these vulnerabilities could shut down the Trusted Aircraft Information Download Station (TADS), a complex system embedded into these aircraft tasked with collecting data from video cameras and sensors during flight. This report was revealed during a recent cybersecurity event, although no further details were revealed about the exploitation process; for now, it is only known that exploiting these vulnerabilities requires physical access to aircraft.
The team of ethical hacking experts presented this research in collaboration with security firm Synack, as part of the U.S. Department of Defense bug-finding program, known as “Hack the Pentagon”.
A prominent U.S. Armed Forces procurement officer stated during the event: “We operate with millions of lines of code on all of our aircraft, in case someone finds a flaw in any of these lines of code could shut down an aircraft just by pressing a few keys. It is one of our intentions that the ethical hacking community will help us improve security in our systems; if these vulnerabilities exist, we must find them before engaging in real combat.”
According to Armed Forces officials, in their intention to stay one step ahead of their adversaries, the military forces of nations such as Russia or North Korea already work with hacking specialists, looking for vulnerabilities in their systems and trying to exploit the flaws that exist in rival systems. The risk increased after a group of hackers backed by the North Korean government stole highly confidential military information, including blueprints for these aircraft.
A couple of years ago, the Department of Defense began working more closely with private security companies, primarily through the research and technology development division, known as the Digital Defense Service (DDS). In addition, since its inception, the Hack the Pentagon vulnerability reporting program has found more than 130 security flaws in U.S. defense systems. The program is still expanding, and more and more experts in ethical hacking report possible computer errors to the Pentagon. Also, last year the Hack the Air Force 3.0 program was announced, which would deliver rewards of between $5,000 and $10,000 USD for critical security reports.
“Cybersecurity is more important than ever, so innovative ways to track computer errors that could pose threats to the proper functioning of defense systems need to be found,” said Chris Lynch, Director DDS.
International Institute of Cyber Security (IICS) ethical hacking specialists say the use of collaborative research platforms and programs has allowed the Department of Defense to anticipate potential cybersecurity risks in armed, flight systems, among others, so it is highly likely that the Pentagon will continue to implement these programs in the quest to consolidate a highly secure and intrusion-proof ecosystem by other hackers.