Wikipedia reports the weapon systems of the Lockheed Martin F-35 Lightning II as follows:
- GAU-22/A, a four-barrel version of the 25 mm GAU-12 Equalizer cannon
- AIM-9X Sidewinder
- AIM-132 ASRAAM short-range air-to-air missiles
- AIM-120 AMRAAM BVR AAM
- Storm Shadow cruise missile
- AGM-158 Joint Air to Surface Stand-off Missile (JASSM) cruise missile
- Guided bombs
- air-to-surface missiles
- Joint Direct Attack Munition (JDAM)
- Paveway series of bombs
- Joint Standoff Weapon (JSOW)
- Brimstone anti-tank missiles
- cluster munitions (Wind Corrected Munitions Dispenser
- B61 nuclear bombs (2)
- Solid-state lasers
- High Speed Strike Weapon
Not all options are available on any one flight.
Sean Lyngaas reports in Untold lines of code make Pentagon weapons vulnerable:
Weapons systems remain vulnerable to hacking despite the billions of dollars the Defense Department spends annually on cybersecurity, Pentagon officials have acknowledged. Frank Kendall, the department’s top acquisition official, is taking a stab at the problem through his latest round of guidance, but he appears to be up against formidable foes in the scope of the threat and the cost of addressing it.
There are nine million lines of code in the F-35 joint strike fighter jet, plus 15 million lines in support systems, according to Richard Stiennon, chief research analyst at IT-Harvest. Cleaning up all the code in the weapons systems being produced for DOD would cost hundreds of billions of dollars alone, reckoned Stiennon, who is writing a book on cyber warfare. “In other words, if we ever go to war with a sophisticated adversary, or have a battle, they could pull out their cyber weapons and make us look pretty foolish,” he said.
…
Stiennon of IT-Harvest said cyber vulnerabilities have been baked into the defense acquisition system. “The Pentagon made a mistake common to many manufacturers,” he wrote in an op-ed in November 2014. “They assumed that because their systems were proprietary and distribution was controlled there would be no hacking, no vulnerabilities discovered, and no patch-management cycles to fix them. This is security by obscurity, an approach that always fails over time.”
Let’s see, 9 million lines of code in the F-35 plus 15 million in support systems, what, 24 million lines of code?
Is anyone giving odds on the first zero-day bug being a buffer overflow condition?
Welcome to the Internet of Things! Where potentially hackable things include the F-35 with the weapons systems listed above.
The data scientists keep wailing about a shortage of data scientists. Much more likely to have a shortage of cracker talent.
Better to break an F-35 yourself while it is sitting on the ground, unarmed, that for that to happen in the air while carrying a nuke.
Top cracker talent is going to start attracting baseball like salaries. What did they used to say: “The future is so bright I have to wear shades?”
PS: You do realize that cracking an F-35 without permission of its owner and/or as part of a country’s military is likely a crime in most jurisdictions? Just checking.
Editorial correction:
The original lead sentence read:
The Wikipedia article Lockheed Martin F-35 Lightning II reports that you could gain control over:
which to one close reader implied that Wikipedia stated that hacks of an F-35 would give control over the weapons systems listed.
To clarify that the only reliance on Wikipedia was for the list of weapons systems, the lead sentence now reads:
Wikipedia reports the weapon systems of the Lockheed Martin F-35 Lightning II as follows:
I amended the paragraph that starts: “Welcome to the Internet of Things!” to read:
Welcome to the Internet of Things! Where potentially hackable things include the F-35 with the weapons systems listed above.