US military swoops into DEF CON seeking a few good hackers for debut aviation pwning village

Faulty F-15s, at-risk airbases and much more

DEF CON For the first time, Vegas's annual DEF CON hacking conference has an "aviation hacking village", and the US military is scouting around there for a few good hackers to find bugs that its own hackers have missed.

"We've got some great hackers on our team and we're proud of them," Dr Will Roper, assistant secretary of the Air Force for Acquisition, Technology and Logistics, told The Register. "But we may not have the best, and that's why we're here. There's a big pool of talent out there and bringing in fresh eyes could show us stuff that we've missed."

Setting up the village and getting the necessary security clearances has been "eight months of pain," one of the organisers told us, but judging by the scrum it's certainly popular.

Low-key efforts have been underway for over a year now, and saw a carefully selected and vetted team of non-military US hackers let loose on a F-15 fighter's systems back in November.

They found 22 software vulnerabilities in the aircraft's operating system. While the aircraft isn't internet-connected in the air yet, it will be: the new F-35 is intended to act as a data hub for other aircraft and the military wanted to make sure that this wasn't going to cause issues. There's also the worry that after the plane lands, malware nasties might be installed.

In the second round, a team of hackers is currently poring through the F-15's systems to, firstly, check the old vulnerabilities have been fixed, and, secondly, find new ones that could cause problems in the future.


You can't try this at home, kids

For infoseccers keen on trying their hand at aircraft hacking, the military has brought in Lego models of helicopters and cargo planes. These are linked to Arduino boards running avionics control systems, allowing anyone to come over and plug their laptops into them and try a bit of hacking.

The models are run by engineers at the Naval Air Station Patuxent River (PAX), who provide a basic instruction guide on the operating systems and then let the hackers loose. The idea is to find out vulnerabilities that could be exploited by a suicidal passenger in flight, or from devices installed by corrupt or turned engineers on the ground.

"Many aviation systems were built in the '60s and '70s and are very trusting," explained PAX engineer Nick Ashworth. "They have been designed due to lessons paid in blood – PAX is full of streets named after flyers who have died on the job – but we want to make them better."

Testing of individual avionics systems is also being carried out at the village. Red-teamers Pen Test Partners are in the village with a bunch of commercial aviation equipment salvaged from scrap yards and bought on the second-hand markets.

Ken Munro, a consultant for the biz, wants hackers to break out their equipment and see what new holes can be found in existing systems. This can be used to apply fixes and provide insights for the next generation of designs.

It's also not just aircraft that are being tested at DEF CON, but the facilities that support them. A Lego model of a US airbase is in position for hackers to test their mettle against because the military is worried that industrial control systems are at risk.


We've lost control again

Scott Thompson, a supervisory control and data acquisition (SCADA) engineer from military contractor CACI, explained that the control systems used to handle things like an airbase's power supply and infrastructure management systems are ancient in computing terms, in some cases 30 years old.

"We've found this software on the majority of our airbases and it's not secure," said Thompson. "The manufacturers are unwilling to alter the code to close up vulnerabilities because they work. So we're looking to build security systems around them to lock off potential threats." ®

Similar topics

Broader topics

Other stories you might like

  • Talos names eight deadly sins in widely used industrial software
    Entire swaths of gear relies on vulnerability-laden Open Automation Software (OAS)

    A researcher at Cisco's Talos threat intelligence team found eight vulnerabilities in the Open Automation Software (OAS) platform that, if exploited, could enable a bad actor to access a device and run code on a targeted system.

    The OAS platform is widely used by a range of industrial enterprises, essentially facilitating the transfer of data within an IT environment between hardware and software and playing a central role in organizations' industrial Internet of Things (IIoT) efforts. It touches a range of devices, including PLCs and OPCs and IoT devices, as well as custom applications and APIs, databases and edge systems.

    Companies like Volvo, General Dynamics, JBT Aerotech and wind-turbine maker AES are among the users of the OAS platform.

    Continue reading
  • Despite global uncertainty, $500m hit doesn't rattle Nvidia execs
    CEO acknowledges impact of war, pandemic but says fundamentals ‘are really good’

    Nvidia is expecting a $500 million hit to its global datacenter and consumer business in the second quarter due to COVID lockdowns in China and Russia's invasion of Ukraine. Despite those and other macroeconomic concerns, executives are still optimistic about future prospects.

    "The full impact and duration of the war in Ukraine and COVID lockdowns in China is difficult to predict. However, the impact of our technology and our market opportunities remain unchanged," said Jensen Huang, Nvidia's CEO and co-founder, during the company's first-quarter earnings call.

    Those two statements might sound a little contradictory, including to some investors, particularly following the stock selloff yesterday after concerns over Russia and China prompted Nvidia to issue lower-than-expected guidance for second-quarter revenue.

    Continue reading
  • Another AI supercomputer from HPE: Champollion lands in France
    That's the second in a week following similar system in Munich also aimed at researchers

    HPE is lifting the lid on a new AI supercomputer – the second this week – aimed at building and training larger machine learning models to underpin research.

    Based at HPE's Center of Excellence in Grenoble, France, the new supercomputer is to be named Champollion after the French scholar who made advances in deciphering Egyptian hieroglyphs in the 19th century. It was built in partnership with Nvidia using AMD-based Apollo computer nodes fitted with Nvidia's A100 GPUs.

    Champollion brings together HPC and purpose-built AI technologies to train machine learning models at scale and unlock results faster, HPE said. HPE already provides HPC and AI resources from its Grenoble facilities for customers, and the broader research community to access, and said it plans to provide access to Champollion for scientists and engineers globally to accelerate testing of their AI models and research.

    Continue reading

Biting the hand that feeds IT © 1998–2022