Challenged to find flaws in a system for F-15 a U.S. military fighter jet, hackers came out with a host of vulnerabilities that — if exploited in real life — could have completely shut down the Trusted Aircraft Information Download Station.
For the first time, outside researchers were allowed physical access to the critical F-15 system to search for weaknesses and within two days the group pf 7 hackers were able to find numerous exploits. They even found bugs that the Air Force had tried but failed to fix, reported the Washington Post.
However, the US Air Force had expected the results.
“They were able to get back in through the back doors they already knew were open,” USAF top acquisition official Will Roper told the media outlet.
According to the report, at the DEF CON 27, the hackers lobbed a variety of attacks — including injecting the system with malware and even going at it with pliers and screwdrivers.
Roper attributed “decades of neglect of cyber security as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency” for the weaknesses that were exploited by the hackers.
This is a drastic change from previous years, when the military would not allow hackers to try to search for vulnerabilities in extremely sensitive equipment, let alone take a literal whack at it. But the Air Force is convinced that unless it allows America’s best hackers to search out all the digital vulnerabilities in its planes and weapons systems, then the best hackers from adversaries such as Russia, Iran and North Korea will find and exploit those vulnerabilities first, Roper was quoted as saying.
“There are millions of lines of code that are in all of our aircraft and if there’s one of them that’s flawed, then a country that can’t build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” he said.
During next year’s Def Con conference, Roper wants to bring vetted hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane, including for ways that bugs in one system can allow hackers to exploit other systems until they’ve gained effective control of the entire plane.
Those hacking challenges will also be useful for the private sector because military planes and satellites share many of their computer systems with the commercial versions of those products, Roper said, and the Air Force can share its findings.