Germany May Refuse F-35 Purchase over ‘Emergency Switch;’ Consider Eurofighter Instead
www.defensemirror.com
According to reports, a software back-door switch will turn the aircraft off if the client state does not follow Washington’s diktat in the use of the F-35.

I haven’t done adequate due diligence yet - could be inaccurate

I came across this article alleging that Germany is considering bailing on the F-35 aircraft because the US can remotely disable them.

If the US could do this to German F-35s, presumably they can do it to ours…

Additional reporting alleging concern in Canadian defence circles

  • jimd@lemmy.caEnglish
    13·
    18 hours ago

    Are you telling me NSA is incapable of adding in a backdoor that would pass German/Canadian inspections? Zero day backdoors by definition are undiscovered

    • b1t@lemm.ee
      2·
      17 hours ago

      That’s not what I said, at all.

      PS - I work in InfoSec (CISSP). Please tell me more about what I’ve been doing for past 20 years lol

      • uuldika@lemmy.ml
        21·
        16 hours ago

        for someone with two decades of infosec experience, it’s alarming you’d overlook asymmetric cryptography. it’s simple to build an unhackable kill switch using basic cryptographic primitives, unless you think the enemy has a quantum computer.

        • b1t@lemm.ee
          11·
          16 hours ago

          You might want to give this a read, then re-read my original post. I never said there wasn’t a backdoor, just that it would be stupid.

          • uuldika@lemmy.ml
            2·
            15 hours ago

            right, you said it was stupid because:

            Just imagine that you’re in a conflict, then the enemy hacks your command and control systems and disables/hijacks all of your aircraft. Yeah, that’s pretty dumb.

            I’m saying that scenario wouldn’t be possible. for the enemy to exploit a backdoor like this, they’d have to either:

            1. break the encryption (quantum computer, classical sub-exponential discrete log or factoring algorithm.)
            2. break the protocol or encryption (unlikely, since it’d be simple, the NSA is full of competent cryptographers, and they’d probably formally verify it to EAL-5.)
            3. steal the private key (most likely imo, but the government also safeguards the nuclear codes, and it’s hard for me to imagine F-35 kill switch keys being more dangerous than those.)

            I don’t think any of the above are very likely, or at least not likely enough to outweigh the strategic benefit of being able to ground your enemy’s air force in the (hitherto unlikely) scenario one of the US’s customers became its enemy. so I don’t think it’s stupid, and I don’t think I straw-manned you.

            • b1t@lemm.ee
              1·
              13 hours ago

              Just because I mentioned one scenario and didn’t mention another, very specific scenario doesn’t mean I ruled it out completely. And yes, that is a straw man, see Nutpicking.

              You’re also giving them the benefit of the doubt and assuming that the encryption is implemented properly. Which is something the NSA has botched before and could very well be used to ground allied aircraft during joint operations. Which, again, would be stupid.