I haven’t done adequate due diligence yet - could be inaccurate

I came across this article alleging that Germany is considering bailing on the F-35 aircraft because the US can remotely disable them.

If the US could do this to German F-35s, presumably they can do it to ours…

Additional reporting alleging concern in Canadian defence circles

  • Voroxpete@sh.itjust.works
    link
    fedilink
    arrow-up
    33
    arrow-down
    4
    ·
    7 months ago

    Nothing in the article backs up the headline claim. The closest it gets is their quoted expert saying that he worries about the US doing to the F-35 what they’re doing to Ukraine. He’s almost certainly referring to the fact that parts and software updates are produced by the US, who could choose to withhold them, just like they’re withholding aid from Ukraine.

    Every serious defence analyst has laughed at the idea that the F-35 has a secret killswitch. This would be the dumbest thing ever to include in an aircraft, because there is always the possibility that your enemies could find out about it.

    Consider; if an F-35 kill switch did exist, any buyer of the craft could invest the resources required to go over every inch of circuit and line of code and find it, and then deactivate every US F-35. It would be more of a liability for them than it is for us. And, equally, our experts could simply patch around the killswitch on our planes. Nations like Canada and Germany are not lacking in technical expertise.

    This bonkers notion seems mostly to be rooted in the broader fear that the F-35 is somehow “too advanced”, an idea that largely springs from the diseased brain of Pierre Sprey (seriously, if you chase down every bad thing said about the F-35, odds are ridiculously high that Sprey said it first). Sprey also believed that the ideal design for a modern attack fighter has a machine gun, no missiles, no computers, and no radar.

    I’m not joking, not even slightly. Pierre Sprey wanted the modern world to fight Russia with planes that had no radar.

    There are valid concerns to be raised about the idea of adopting a craft whose supply chain is centred on the US. That’s a discussion that NATO partners should be having. But this “killswitch” nonsense just derails that important discussion into paranoid conspiracy theorist nonsense rooted in the deranged ramblings of a self-aggrandizing madman.

    • uuldika@lemmy.ml
      link
      fedilink
      arrow-up
      11
      ·
      7 months ago

      Every serious defence analyst has laughed at the idea that the F-35 has a secret killswitch. This would be the dumbest thing ever to include in an aircraft, because there is always the possibility that your enemies could find out about it.

      just cryptographically sign the kill switch transmission. the fighter would contain the public key to verify, but enemies would need the private key to trigger it, which the NSA would keep buried in cold storage like the DUAL-EC-DRBG trapdoor key.

      you’d probably also want to include the fighter’s serial number or IFF transponder code, so the enemy couldn’t capture or replay.

      Consider; if an F-35 kill switch did exist, any buyer of the craft could invest the resources required to go over every inch of circuit and line of code and find it, and then deactivate every US F-35.

      there’s something like 100M LoC of C++ (not Ada 😥) in an F-35. and Canada doesn’t have the sources, so they’d have to decompile that. maybe they could focus on the radios, radar and other devices direct connection to receivers, but the implant might be downstream, and there’s a lot of ways to hide an antenna.

      even dumping the chips isn’t easy. many of them likely have security features, since they contain classified algorithms which the DoD would rather enemies not be able to extract from the downed wreckage of a fighter. certainly the JTAG pins are not going to be enabled. even die shots could be frustrated by metal meshes over the wafer or possibly even microscopic amounts of explosives triggered by de-lidding.

      But this “killswitch” nonsense just derails that important discussion into paranoid conspiracy theorist nonsense rooted in the deranged ramblings of a self-aggrandizing madman.

      there’s secure ways to build a kill switch, there’s an abundance of places to hide it in a highly complex fighter, and this kind of spooky stuff is well within the NSA’s wheelhouse. it’s the kind of thing NSA is known for, even - the Crypto AG CIA front, the DUAL-EC-DRBG backdoor, TAO’s clandestine program to intercept and backdoor mailed routers and servers. they clearly can do this kind of thing, since they clearly have before.

      did they backdoor the F-35? I don’t know, but it’s plausible, and CSIS/CSE should investigate.

      • Voroxpete@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        7 months ago

        There has to be some kind of direct connection between the communications systems and the flight critical systems for any of that to even be remotely plausible. That kind of connection is basically impossible to hide, and simply would not exist in a well designed piece of military hardware. It’s existence would be immediately obvious to the people buying the plane, and the people tasked with maintaining it.

        Show me one single military analyst with worthwhile credentials who believes this is a serious concern. Not articles like this one where they take a quote wildly out of context and use it to backup an entirely fabricated claim. I mean an actual certifiable expert stating clearly and unambiguously that the possible existence of this killswitch is something we have to be worried about.

    • humanspiral@lemmy.ca
      cake
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      buyer of the craft could invest the resources required to go over every inch of circuit and line of code and find it

      Buyers do not get source code either. Israel gets a special version with no US software control.

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      edit-2
      7 months ago

      Every serious defence analyst has laughed at the idea that the F-35 has a secret killswitch. This would be the dumbest thing ever to include in an aircraft, because there is always the possibility that your enemies could find out about it.

      And yet, intelligence agencies do that kind of thing all the time. If they’re sure only they have the key, or if they can patch it out of their own planes, the risk is pretty low. Which defence analysts are you thinking of?

      Nobody can point at proof it’s there, but I’d be surprised as hell if it’s not, so at least I’m not looking for extraordinary evidence.

        • CanadaPlus@lemmy.sdf.org
          link
          fedilink
          arrow-up
          4
          ·
          7 months ago

          This is a really good and detailed look at the supply chain issues and what exactly those US updates do, thanks.

          It doesn’t actually debunk anything about the “killswitch myth”, though. It pretty much just uses it as a prelude for the other stuff.

          • Voroxpete@sh.itjust.works
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            7 months ago

            The problem here is that any serious debunking of the myth basically goes the same way; “No, that’s stupid, no one would do that.”

            It’s the proving a negative issue. The internals of the F-35 are not something that anyone is at liberty to discuss, so anyone who wants to wildly speculate about what could be in there is free to make up whatever they want, and anyone in a position to prove them wrong is legally unable to do so.

            But the idea simply does not pass the sniff test. You’re talking about handing these weapons over to advanced nations with access to serious technical know how, and just rolling the dice that none of them ever discover it before you get a chance to use it. And that’s assuming the idea is even plausible. It’s not like you can just ping this thing like a fucking router. It’s not flying around advertising its IP address. It was built to be a stealth aircraft; that means, among other things, removing all extraneous external communications. And there’s literally no reason to connect any part of the critical software to the external comms and every reason not to, given that the US’ enemies are pretty damn good at cyberwarfare. That would be a crippling vulnerability for a weapon system like that.

            Basically, the reason no serious commenter believes a killswitch exists is because we simply do not build combat aircraft in a way that would allow a killswitch to exist.

            But please feel free to show me an actual quote from someone with serious defence tech credentials saying otherwise. So far, I’ve not seen any.

            • CanadaPlus@lemmy.sdf.org
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              Would they be updated by sneakersnet, then? I guess that would make sense, but the only difference is that it would take slightly longer for data to arrive.

              It is a negative issue, so the only thing to consider is how plausible it is. It would be easy for them to push a malicious update, I assume that’s not in dispute?

              • Voroxpete@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                ·
                7 months ago

                Try to think about what you’re actually describing. It’s one year from now. Tensions between the US and Canada have steadily and rapidly escalated. US troops are massing on the Canadian border under the guise of “training exercises”… And some guy in the RCAF is like “Shit, better not forget to run that new firmware update that the Americans pushed for us, and absolutely no one else.” Is that the scenario we’re envisioning here?

                • CanadaPlus@lemmy.sdf.org
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  7 months ago

                  No, in that situation we just wouldn’t do an update. I’d be more worried about a backdoor that’s triggered by not updating for an extended period, maybe along along with a few other hints, and was actually made with the possibility of the Iranians capturing an F-35 in mind.

                  More like, it’s a year from now and Trump decides to take his ball and go home, so he directs the NSA and DIA to build an update that will brick planes which aren’t parked in one of his favoured countries, after a delay of about a month to ensure he gets as many as possible.

    • grue@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      7 months ago

      The whole rumor kinda smells like a disinformation campaign designed to drive even more wedges between the US and the rest of NATO, TBH.

      • Voroxpete@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        7 months ago

        Honestly, it mostly just sounds like more fear mongering about the F-35, which has been going on for ages, and is mostly a Russian disinformation campaign. Pierre Sprey - the originator of all the F-35 criticisms that routinely get handed around - is very regularly a paid guest on RT and other Russian state controlled news outlets.

        Basically Russia is really scared of the F-35 program and would much rather their enemies keep flying upgraded fourth gen fighters. If the US was selling the F-22 to the rest of the world you’d be hearing all the same noise but about that plane instead.

    • jimd@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      3
      ·
      7 months ago

      Are you telling me NSA is incapable of adding in a backdoor that would pass German/Canadian inspections? Zero day backdoors by definition are undiscovered

      • Voroxpete@sh.itjust.works
        link
        fedilink
        arrow-up
        8
        ·
        7 months ago

        There’s no such thing as a “zero day backdoor”. You’re conflating “backdoor” with “zero day exploit” which are entirely separate things.

        And its not a question of whether or not the NSA is capable of doing that. It’s whether they’re capable of doing it in a way that they would absolutely 100% certain could never be discovered.

        But more importantly, as I pointed out elsewhere, in order for it to even be possible for such a backdoor to exist, the entire aircraft would have to be designed in a way that was hilariously, outrageously and inconceivably unsafe to operate. You simply do not link mission critical system to external communications systems that are in operation while a vehicle is airborne. Such a design flaw would be immediately obvious to the people whose job it was to approve the purchase, because there’s no way you connect up systems like that in secret. While the US might supply the parts, it’s still our guys who maintain them and integrate them into the vehicle.

    • Darkassassin07@lemmy.ca
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      2
      ·
      7 months ago

      Just because you put kill switches in the ones you sell, doesn’t mean you’ve got to put them in your own.

      But yeah, being able to remotely kill a fighter jet is incredibly stupid.

      • skozzii@lemmy.ca
        link
        fedilink
        arrow-up
        13
        arrow-down
        4
        ·
        7 months ago

        Just because you put kill switches in the ones you sell

        That right there is what it is. I can almost guarantee this to be the case, as a Canadian I have always opposed the F-35’s. We need twin engine for our Arctic climates and who cares about stealth when you are defending your territory. We aren’t an aggressive country.

        • Voroxpete@sh.itjust.works
          link
          fedilink
          arrow-up
          9
          arrow-down
          2
          ·
          7 months ago

          You care about stealth when defending your country because stealth is how you win air to air combat now.

          Dogfighting is as meaningful to modern air combat as the horse and lance are to modern ground combat. Fighter planes work like submarines now; the goal is to detect and kill the enemy before they can detect and kill you. Kills happen from outside of visual range.

          A defensive aircraft without advanced stealth can be shot and killed by an aggressor before they ever have the ability to target that aggressor.

          To put it another way, do you think that our soldiers only wear camouflage when they’re planning a sneak attack? Do our troops wear hazard vests and strap road flares to their helmets when they’re defending a location to make sure the enemy knows exactly where they are? Or is it, in fact, always beneficial to see your enemy before they see you?

    • ByteJunk@lemmy.world
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      7 months ago

      While speculation, I don’t doubt it one bit.

      It’s unlikely you’d be able to fly these without US maintenance and supplies in the first place, but even if you could, I’d trust them as much as pagers from Israel.

    • Adrius@ttrpg.network
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      This is exactly what happens in the Battlestar Galactica reboot with all the fancy newer ships in the first couple episodes.

    • jimd@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      3
      ·
      7 months ago

      Are you telling me NSA is incapable of adding in a backdoor that would pass German/Canadian inspections? Zero day backdoors by definition are undiscovered

        • uuldika@lemmy.ml
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          7 months ago

          for someone with two decades of infosec experience, it’s alarming you’d overlook asymmetric cryptography. it’s simple to build an unhackable kill switch using basic cryptographic primitives, unless you think the enemy has a quantum computer.

            • uuldika@lemmy.ml
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              right, you said it was stupid because:

              Just imagine that you’re in a conflict, then the enemy hacks your command and control systems and disables/hijacks all of your aircraft. Yeah, that’s pretty dumb.

              I’m saying that scenario wouldn’t be possible. for the enemy to exploit a backdoor like this, they’d have to either:

              1. break the encryption (quantum computer, classical sub-exponential discrete log or factoring algorithm.)
              2. break the protocol or encryption (unlikely, since it’d be simple, the NSA is full of competent cryptographers, and they’d probably formally verify it to EAL-5.)
              3. steal the private key (most likely imo, but the government also safeguards the nuclear codes, and it’s hard for me to imagine F-35 kill switch keys being more dangerous than those.)

              I don’t think any of the above are very likely, or at least not likely enough to outweigh the strategic benefit of being able to ground your enemy’s air force in the (hitherto unlikely) scenario one of the US’s customers became its enemy. so I don’t think it’s stupid, and I don’t think I straw-manned you.

    • Phoenixz@lemmy.ca
      link
      fedilink
      arrow-up
      17
      ·
      7 months ago

      Switzerland will do anything and everything possible to protect it’s neutrality, always has. If you buy weapons and or ammo from there, you kinda get what you’re asking for. They are good to use in training and that’s it

    • Stovetop@lemmy.world
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      7 months ago

      As an average Windows user, I feel like that shouldn’t be necessary. If you don’t want your F-35s remotely disabled, just go into the system settings and disable the cockpit personalization, DoD telemetry, flight control suggestions, and especially uncheck the “Help make America safer by sending usage and crash statistics to the Pentagon” box.

      Of course you also need to double check after every system update to make sure that none of these settings ended up getting patched back on without notice, but for the average pilot, it couldn’t be more user friendly.

      • Jimbabwe@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        7 months ago

        And remember, please try to press the OK button to send Microsoft your anonymous crash analytics before your F-35 smashes into the ground.

  • Hirom@beehaw.org
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    This report explains F-35 have no remote control nor kill switch, but depend on US companies for maintenance and parts.

    Source : https://interestingengineering.com/military/f35-kill-switch-reports-debunked

    Even if an F-35 operator disconnected from the larger Joint Strike Fighter program’s supply chains can keep some number of its jets flying for a period of time through spares on hand and cannibalization, those aircraft would have extremely degraded capabilities.

    Source : https://www.twz.com/air/you-dont-need-a-kill-switch-to-hobble-exported-f-35s

  • nyan@lemmy.cafe
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    My understanding is that there’s some weird shenanigans going on with an encryption key or something of that ilk that has to be renewed daily from US servers for the aircraft to continue to function, but I’m not sure how reliable the source I got that from is. However, I wouldn’t buy F-35s either, if I were a nation-state shopping for aircraft.

    • kent_eh@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      ·
      7 months ago

      If true, that could be a massive problem if communications get damaged in a conflict, even if the US is not acting maliciously.

      • nyan@lemmy.cafe
        link
        fedilink
        English
        arrow-up
        3
        ·
        7 months ago

        I haven’t been able to identify the source from which I first got the information, unfortunately, but other stuff I’ve found while looking makes me think there may indeed be a comms issue: ODIN, the new software platform for these birds that’s now being put into production, is repeatedly described as “cloud-based”. That and one site’s cryptic reference to “F-35 crypto ignition keys” do not exactly inspire confidence in me. Or at least, if whatever I read first was a misinterpretation, I can kind of see where it was coming from.

        • uuldika@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          crypto ignition keys (CIKs) are just setup tools to load bootstrap keys into a device.

          like, for instance, if you’ve just unboxed a secure telephone, there’s no keys in it, so you have to use a CIK to load keys/ciphers into the phone before you can make calls from it.

          the private sector doesn’t use them much, but NSA invented them and they’ve been a staple of IC infra for decades.

        • kent_eh@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          Yeah, cloud based authentication (or features/functions) is a massive red flag for any piece of equipment that you need to rely on in changing and unpredictable situations.

    • CanadaPlus@lemmy.sdf.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      7 months ago

      That seems like just a rumour, I doubt anybody would have accepted it. The software is written exclusively in the US and proprietary, though, including every update.

  • fieryhamster@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    And out of curiousity… what’s to keep these other countries from swapping out the software and/or hardware that causes this? They bought it and the US can go pound sand. Am I saying it’s easy to do? No. But it’s not impossible and a far sight cheaper than buying all new planes from someone else.

    • Zorsith@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      7 months ago

      The risk is the US sticking a logic bomb into a firmware update that physically breaks chips without regular updates that are signed by the US manufacturers CA.

      Trust is important and frankly the US isnt very deserving of trust at the moment.

      Edit; tbh id be surprised if something like this isn’t already there for the purpose of guaranteed support contract money for each major component. Stop paying? Go find another component, shits bricked.

      Gotta keep that MIC money flowing.

  • Geobloke@lemm.ee
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    I feel like a jet and it’s systems would be relatively easy to hack. The weapons on the other hand, not so much. Just window those to a certain geographical system or refresh their systems when they connect to gps or something

  • AcousticMoose@lemmy.ca
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    I guess the flip side of this is that the Americans are (presumably) actively training our military on the detailed operation and capabilities of the F-35. Could come in useful if things get bad. It’s one of those things that is mind-bending about the situation we are in

  • humanspiral@lemmy.ca
    cake
    link
    fedilink
    arrow-up
    1
    ·
    7 months ago

    Beyond any “off switch”, you need permission on every flight for the “on switch”. Lockheed doesn’t even give US military manuals, and so only Lockheed consultants can maintain/repair the planes.

    Beyond that, it is a horrible plane that is horribly expensive. Low flight time. Everyone in the world who approved buying any, is primafacie corrupt traitor, and straight to jail.

  • AllNewTypeFace@leminal.space
    link
    fedilink
    arrow-up
    3
    arrow-down
    3
    ·
    7 months ago

    Poland, Finland and all three Baltic states are buying F-35s, which is less than ideal.

    I wonder what Putin would have to offer Trump to nerf, say, Estonia’s F-35s at an opportune moment.