Comrade Gorbash
Jul 12, 2011

My paper soldiers form a wall, five paces thick and twice as tall.

Captain von Trapp posted:

"Cyber", buzzwordy as it is, is a thing. People have done all kinds of things to regular computers using malformed inputs that are not executable.
This is true but it is not nearly as simple to do as presented in popular culture, and much more difficult to do successfully when your target is a hardened, actively monitored system using architecture the owner is doing their level best to keep you from getting a good look at.

Which is to say it's absolutely part of any modern war plan, but it's far from a silver bullet.

Captain von Trapp
Jan 23, 2006

I don't like it, and I'm sorry I ever had anything to do with it.
Yes, absolutely. It's the kind of thing where in the rare and precious event it will work in a particular case, it's kept buttoned up very tight.

Murgos
Oct 21, 2010

Captain von Trapp posted:

"Cyber", buzzwordy as it is, is a thing. People have done all kinds of things to regular computers using malformed inputs that are not executable.
Actually, now that very advanced radars are also very high speed data communications systems this isn't that far-fetched an idea.

You wouldn't be hacking the radar though, you would be attacking a vulnerability in the consumer of the decoded data stream on the backend.

That Works
Jul 22, 2006

Every revolution evaporates and leaves behind only the slime of a new bureaucracy


A thousand radar screens, showing goatse in unison.

M_Gargantua
Oct 16, 2006

STOMP'N ON INTO THE POWERLINES

Exciting Lemon

CIGNX posted:

Didn't the US get a hold of a bunch of AA stuff in the immediate aftermath of the Cold War to learn exactly that sort of thing? I remember reading somewhere that part of the F-35's EW suite is a bunch of exploits they learned from reverse engineering equipment purchased from former Warsaw Pact countries.

Yeah. EW exploits are not the computer virus sort. They're control systems black magic. Examples are finding resonances or frequencies/patterns that the threat anti-aliasing filters can't catch.

M_Gargantua fucked around with this message at 18:09 on Jan 14, 2019

Rent-A-Cop
Oct 15, 2004

I posted my food for USPOL Thanksgiving!

More like scanning photos on VK for images of SAM sites and then targeting a standoff munition based on metadata.

Weaponized social media trolling.

Dead Reckoning
Sep 13, 2011

INTJ Mastermind posted:

I believe another goon mentioned this previously.

Modern air defense systems are all heavily computerized and networked. These systems essentially take a raw radio signal, do some computations on it, and send those results to a regional / national computer network. A radar system basically is always listening, and doesn’t have any sort of “firewall” against malicious incoming signals. How devastating would it be to broadcast a cleverly engineered radar return “code” that instantly BSODs a country’s air defense network.
That was me, but I was responding to a goon asking about using the idea in a sci-fi story about aliens invading.

The Israelis are alleged to have used a similar trick when they struck that suspected Syrian nuclear site, but the sourcing for that claim was... dubious at best.

Given the number of emitters, data links, and digital systems in modern fighters/anti-air systems, and the number of computer systems that do a poor job of sanitizing inputs, I would rate remote malicious code injection via the target's emitters as "not impossible," but it also relies on a detailed exploitation of the target system, and any entity who has developed such a capability is going to keep it close to the vest.

Realistically, any exploitation sufficiently thorough to let you start tailoring malicious code against a target will almost certainly reveal plenty of other vulnerabilities that require less work to exploit.

NightGyr
Mar 7, 2005
I ♥ Unicode

Dead Reckoning posted:

That was me, but I was responding to a goon asking about using the idea in a sci-fi story about aliens invading.

The Israelis are alleged to have used a similar trick when they struck that suspected Syrian nuclear site, but the sourcing for that claim was... dubious at best.

Given the number of emitters, data links, and digital systems in modern fighters/anti-air systems, and the number of computer systems that do a poor job of sanitizing inputs, I would rate remote malicious code injection via the target's emitters as "not impossible," but it also relies on a detailed exploitation of the target system, and any entity who has developed such a capability is going to keep it close to the vest.

Realistically, any exploitation sufficiently thorough to let you start tailoring malicious code against a target will almost certainly reveal plenty of other vulnerabilities that require less work to exploit.

RCE is unlikely, but not the only attack.

A lot of ECM could be considered an early form of hacking. The classic example that always comes to mind for me is countering infrared sensors that work by spinning a line sensor, like the original Sidewinder. You can attack it by making your output resemble the intermediate representation used by the system, that is, if you use an infrared source that pulses, the receiver thinks the signal is pulsing because it is off center, not because of its own emissions, and the missile will turn off course.

Having a detailed knowledge of Syrian radars would enable something similar, for sure, yet the level of technical knowledge and confidential information needed to just explain that attack is so high that it would be a lot simpler for Israel's sources to claim "we hacked their computers via the SAM radar".

Force de Fappe
Nov 7, 2008

I think you need to understand how computers and computer architecture works before starting to talk about things like killing radar control computers with a crafty signal. No you cannot do that, any more than you can do it by sending SOOPA SEXRIT HAX CODES through the power grid. It just does not work that way.

hobbesmaster
Jan 28, 2008

There are entire categories of side channel attacks involving power glitching, it’s not completely impossible.

Certainly in the realm of Clancy novel or hard sci-fi “I guess that could happen” though

Mortabis
Jul 8, 2010

I am stupid
Theoretically I guess you could execute, like, a buffer overflow or something if it has such a vulnerability and you have extremely detailed knowledge of the system behind it. But that's presupposing a lot, and the idea has come up so much that I'd be at least a little surprised if those inputs aren't sanitized.

Neophyte
Apr 23, 2006

perennially
Taco Defender
Defeat modern anti-air systems by bundling a program that lets you watch porn on the radar screens with malware, place them on USB drives, and launch DPCIM warheads stuffed with the drives at air defense site parking lots. DoD where's my grant money?


mlmp08 posted:

The US is working toward having all their shooters work agnostic of the sensor data on which they're firing as well as controlling all the tactical systems from a more centralized, remote control station, but that stuff is hard, and it keeps missing its test milestones and, if the program survives at all in its current form, it will arrive years behind schedule.

Can't wait until we have some sort of centralized "net", protecting our sky. Wonder what they'll call it?

NightGyr
Mar 7, 2005
I ♥ Unicode

Force de Fappe posted:

I think you need to understand how computers and computer architecture works before starting to talk about things like killing radar control computers with a crafty signal. No you cannot do that, any more than you can do it by sending SOOPA SEXRIT HAX CODES through the power grid. It just does not work that way.

It's not inconceivable. Here's a totally fictional but not implausible scenario:

A missile launcher automatically slews the missiles according to the information given by the radar. There are physical limits on how fast the launcher can be safely slewed, but those are never approached in practice because planes don't cross the field of fire that quickly.

An ECM tells the radar that the plane is moving at impossible speeds. The system overdrives the servos, damaging them.

That's exactly the kind of thing that could be overlooked in development, discovered by secret analysis, and kept classified until needed.
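NightGyr's overdriven-servo scenario is an input-validation problem at the actuator boundary. The following is an added example (not from the thread or any real launcher software) of the check that closes it: a plausibility gate on the incoming track and a clamp to the mount's physical envelope. The limits, the Track fields and the sample updates are all constructed assumptions.

```python
"""Plausibility check and rate limit for a mount that slews to follow radar tracks.

Added example, not from the thread or any real system.  The limits, the Track
layout and the sample tracks are constructed assumptions; the point is the
pattern: never hand a sensor-derived rate straight to an actuator, bound it by
the hardware's physical envelope, and drop updates that imply an impossible target.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
import math

MAX_SLEW_DEG_PER_S = 60.0       # assumed mechanical limit of the mount
MAX_TARGET_SPEED_MPS = 1000.0   # assumed ceiling for a plausible air track


@dataclass(frozen=True)
class Track:
    t: float            # time of the radar update, seconds
    bearing_deg: float  # bearing from north, 0..360
    range_m: float      # slant range, metres


def bearing_delta(a: float, b: float) -> float:
    """Signed shortest angular difference b - a, in degrees, in (-180, 180]."""
    d = (b - a + 180.0) % 360.0 - 180.0
    return 180.0 if d == -180.0 else d


def implied_speed(prev: Track, cur: Track) -> float:
    """Speed the two plots imply, from the straight-line chord between them."""
    def xy(tr: Track) -> Tuple[float, float]:
        rad = math.radians(tr.bearing_deg)
        return tr.range_m * math.sin(rad), tr.range_m * math.cos(rad)
    (x0, y0), (x1, y1) = xy(prev), xy(cur)
    return math.hypot(x1 - x0, y1 - y0) / (cur.t - prev.t)


def naive_slew_rate(prev: Track, cur: Track) -> float:
    """The 'overlooked in development' version: whatever rate the track implies
    becomes the servo command, with no reference to what the mount can survive."""
    return bearing_delta(prev.bearing_deg, cur.bearing_deg) / (cur.t - prev.t)


def safe_slew_rate(prev: Track, cur: Track) -> Optional[float]:
    """Hardened version: a rate clamped to the mechanical limit, or None when the
    update should be dropped (non-monotonic time, or a target that would have to
    move impossibly fast to produce it), in which case the mount holds position."""
    dt = cur.t - prev.t
    if dt <= 0.0:
        return None                       # stale or duplicated timestamp
    if implied_speed(prev, cur) > MAX_TARGET_SPEED_MPS:
        return None                       # spoofed or corrupt track: hold position
    rate = bearing_delta(prev.bearing_deg, cur.bearing_deg) / dt
    return max(-MAX_SLEW_DEG_PER_S, min(MAX_SLEW_DEG_PER_S, rate))


# Constructed sample updates (not real data).
PREV = Track(t=0.0, bearing_deg=10.0, range_m=20_000.0)
SPOOFED = Track(t=0.5, bearing_deg=100.0, range_m=20_000.0)   # 90 deg in 0.5 s at 20 km
NORMAL = Track(t=0.5, bearing_deg=10.5, range_m=20_000.0)     # ~350 m/s crossing target
CLOSE_PREV = Track(t=0.0, bearing_deg=0.0, range_m=500.0)
CLOSE_FAST = Track(t=0.5, bearing_deg=40.0, range_m=500.0)    # plausible speed, high angular rate

if __name__ == "__main__":
    print("spoofed, naive:", naive_slew_rate(PREV, SPOOFED))      # 180.0 deg/s, triple the limit
    print("spoofed, safe:", safe_slew_rate(PREV, SPOOFED))        # None, update rejected
    print("normal, safe:", safe_slew_rate(PREV, NORMAL))          # 1.0 deg/s
    print("close, safe:", safe_slew_rate(CLOSE_PREV, CLOSE_FAST)) # 60.0, clamped from 80
```

The third sample shows why the two checks are separate: a genuinely close, fast-crossing target can legitimately ask for more than the mount can give, so that case is clamped rather than dropped.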

hobbesmaster
Jan 28, 2008

Mortabis posted:

and the idea has come up so much that I'd be at least a little surprised if those inputs aren't sanitized.

Sweet summer child...

Murgos
Oct 21, 2010

Force de Fappe posted:

I think you need to understand how computers and computer architecture works before starting to talk about things like killing radar control computers with a crafty signal. No you cannot do that, any more than you can do it by sending SOOPA SEXRIT HAX CODES through the power grid. It just does not work that way.

For a standard radar system, you are right. An analog signal sampled by an A/D converter and then plotted on a scope is not vulnerable to this sort of attack.

However, if the input is a data stream which the radar receiver front end converts to digital data which is then consumed by onboard computers for navigation information or whatever then yes, it probably is vulnerable to manipulation.

Now, that data stream is probably frequency hopping pseudo-randomly and spread across a vast portion of spectrum and also encrypted so inserting the attack from an external source is likely non-trivial. You'd be much more likely to compromise something in the transmitters local network but that's a lot different than 'hacking the radar return' and not really sci-fi.

Jonny Nox
Apr 26, 2008

I wonder if you could get enough inputs into a radar system's sensors to manage a buffer overrun the same way it's possible to re-program a Nintendo with (frame perfect) controller inputs. Ignoring the fact that by the time you've done that you could have dealt with it in a myriad of more sensible ways, of course.

Battle of the beams isn't on YT by itself anymore :(

Oh well have this instead:


https://www.youtube.com/watch?v=GJCF-Ufapu8

Edit:

Mortabis posted:

Theoretically I guess you could execute, like, a buffer overflow or something if it has such a vulnerability and you have extremely detailed knowledge of the system behind it. But that's presupposing a lot, and the idea has come up so much that I'd be at least a little surprised if those inputs aren't sanitized.


I'm not the only one who thought this. Whoops.

Also you would probably also be surprised if all the fleet crown vics (cop cars) had the same key:

https://youtu.be/rnmcRTnTNC8

I don't think institutions are particularly good at security.

Jonny Nox fucked around with this message at 21:47 on Jan 14, 2019

Captain von Trapp
Jan 23, 2006

I don't like it, and I'm sorry I ever had anything to do with it.

Force de Fappe posted:

I think you need to understand how computers and computer architecture works before starting to talk about things like killing radar control computers with a crafty signal. No you cannot do that, any more than you can do it by sending SOOPA SEXRIT HAX CODES through the power grid. It just does not work that way.

You can poke around on the job listings of any number of DoD civilian or defense contractor organizations and find they are very interested in hiring people with beefy clearances who understand computers and computer architecture to generate crafty signals. They're not just setting tax money on fire.

Well, not any more than usual.

feedmegin
Jul 30, 2008

Slippery posted:

Someone just saw the documentary "Independence Day" :)

Or Battlestar Galactica

Murgos
Oct 21, 2010

Jonny Nox posted:

I wonder if you could get enough inputs into a radar system's sensors to manage a buffer overrun the same way it's possible to re-program a Nintendo

No, a radar, or even radio, isn't waiting for a carriage return or other special character to know you are done providing input. It's purely time based. Also, you can't overflow an A/D converter, they only give you data when you request it and only precisely as much data as their resolution. You can actually provide so many false responses that the screen looks like gibberish but that's not an overflow, that's just too many targets.

However, as I said before, if that radar is acting like a radio that's providing digital comms to some backend system then that system is just as vulnerable as anything else. But that's not "overwhelming the sensors with inputs".

hobbesmaster
Jan 28, 2008

Murgos posted:

or even radio, isn't waiting for a carriage return or other special character to know you are done providing input.

+++ATH0

Kesper North
Nov 3, 2011

EMERGENCY POWER TO PARTY
Input sanitization is easier to say than to do consistently. It's a corner that often gets cut and even then, individual programmers make mistakes and those mistakes don't always get caught. The information security industry won't run out of work any time... ever.

Meanwhile, I like to fantasize about someone holding an insurance company for ransom because it sequenced their maliciously encoded DNA strand:

https://www.wired.com/story/malware-dna-hack/

Plinkey
Aug 4, 2004

by Fluffdaddy

Murgos posted:

But that's not "overwhelming the sensors with inputs".

Isn't that basically how jammers work, in the analog sense... throw the freq at the radar that you detected and it transmitted with some wonky doppler poo poo and get false positives at the wrong range gates and mess up the AGCs so you and your buddies can hide below the new artificial noise floor. With false targets being tracked.

Of course it's much easier said than done.

hobbesmaster
Jan 28, 2008

Plinkey posted:

Isn't that basically how jammers work, in the analog sense... throw the freq at the radar that you detected and it transmitted with some wonky doppler poo poo and get false positives at the wrong range gates and mess up the AGCs so you and your buddies can hide below the new artificial noise floor. With false targets being tracked.

Of course it's much easier said than done.

The simplest jammers would just be white noise at the frequency the radars used. IIRC the first airborne jammer was literally transmitting the sound of a bomber's engines over the search radar's frequency.

darnon
Nov 8, 2009

Jonny Nox posted:

Also you would probably also be surprised if all the fleet crown vics (cop cars) had the same key:

It's an option some PDs can specify and even carries forwards to the Taurus/Explorer (I frequently use the 2001 CV key that I owned on our Tauruses at work). About half of the cop cars my company has used have been keyed alike or keyed individually depending on where they originated. They also typically don't use an RFID security module in the key so any proper cut key will start them.

Mortabis
Jul 8, 2010

I am stupid

Jonny Nox posted:

Also you would probably also be surprised if all the fleet crown vics (cop cars) had the same key:

That's not the least bit surprising. Having the same key is convenient.

Schadenboner
Aug 15, 2011

by Shine

Murgos posted:

Actually, now that very advanced radars are also very high speed data communications systems this isn't that far fetched an idea.

You wouldn't be hacking the radar though, you would be attacking a vulnerability in the consumer of the decoded data stream on the backend.

My bro, have you ever heard of a little book called “Snow Crash”?

Hauldren Collider
Dec 31, 2012

hobbesmaster posted:

Sweet summer child...

Yeah, this...to be honest, I'd be surprised if our jamming systems couldn't exploit vulnerabilities in digital telecom equipment.

mlmp08
Jul 11, 2004

Prepare for my priapic projectile's exalted penetration
Nap Ghost
There's a reason a lot of systems, even networked ones, are still very tightly self-contained. That can sound counterintuitive, but it's not about no connectivity, but being careful about just what connectivity you allow.

For example, radars may share Link-16 data, but just what data goes into and comes out of Link-16 is very carefully regimented. You're not just sending or receiving even encrypted raw proprietary weapon system data/processing. So a SAM system or fighter jet or whatever may be integrated into a network, but still effectively self-contained unless you have something like an insider threat where some nefarious actor on the ground has physical access to gently caress with the system.

The military system equivalent of DDOS is easier to pull off than, from dozens or hundreds of miles away, hacking into some system using RF voodoo magic. EW and cyber can seem to blend at times, but in that sense, they're fairly distinct. EW jamming techniques != cyber-intrusion into software/hardware either via network breaches or physical security breaches (person shoving a wire/media/etc into a physical port on a system).

Throatwarbler
Nov 17, 2008

by vyelkin

Neophyte posted:

Defeat modern anti-air systems by bundling a program that lets you watch porn on the radar screens with malware, place them on USB drives, and launch DPCIM warheads stuffed with the drives at air defense site parking lots. DoD where's my grant money?


Can't wait until we have some sort of centralized "net", protecting our sky. Wonder what they'll call it?

The Russians already did this.

https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/

TL;DR for some reason Ukrainian artillery units had no easy way of doing targeting calculations except using some weird pirated android app on their smartphones that knew their locations. War starts, Ukrainian artillery positions all explode immediately. Or something like that.

Hauldren Collider
Dec 31, 2012

mlmp08 posted:

There's a reason a lot of systems, even networked ones, are still very tightly self-contained. That can sound counterintuitive, but it's not about no connectivity, but being careful about just what connectivity you allow.

For example, radars may share Link-16 data, but just what data goes into and comes out of Link-16 is very carefully regimented. You're not just sending or receiving even encrypted raw proprietary weapon system data/processing. So a SAM system or fighter jet or whatever may be integrated into a network, but still effectively self-contained unless you have something like an insider threat where some nefarious actor on the ground has physical access to gently caress with the system.

The military system equivalent of DDOS is easier to pull off than, from dozens or hundreds of miles away, hacking into some system using RF voodoo magic. EW and cyber can seem to blend at times, but in that sense, they're fairly distinct. EW jamming techniques != cyber-intrusion into software/hardware either via network breaches or physical security breaches (person shoving a wire/media/etc into a physical port on a system).

Sure, I totally get and believe this but I'm thinking more along the lines of messing with civilian telecom.

Godholio
Aug 28, 2002

Does a bear split in the woods near Zheleznogorsk?

Cat Mattress posted:

That relies on having a perfect knowledge of the target radar system, so that you know how they'll process the data they receive, and how to exploit the outcome of their processing to run arbitrary code.

Also sanitizing inputs is a thing in computing.

There's literally an SA-8 in my parking lot at work.

NightGyr posted:

It's not inconceivable. Here's a totally fictional but not implausible scenario:

A missile launcher automatically slews the missiles according to the information given by the radar. There are physical limits on how fast the launcher can be safely slewed, but those are never approached in practice because planes don't cross the field of fire that quickly.

An ECM tells the radar that the plane is moving at impossible speeds. The system overdrives the servos, damaging them.

That's exactly the kind of thing that could be overlooked in development, discovered by secret analysis, and kept classified until needed.

This is basically what STUXNET was, but with spinning centrifuges.

Godholio fucked around with this message at 03:57 on Jan 15, 2019

Schadenboner
Aug 15, 2011

by Shine

Godholio posted:

There's literally an SA-8 in my parking lot at work.

WELL THEN YOU'D BETTER GO AND CATCH IT!

:dadjoke:

Slippery
May 16, 2004


Muscles Boxcar

Lol I remember using a Commodore and a 300 baud modem and typing
ATDT XxxXxxx
And feeling like the physical embodiment of THE FUTURE when it connected :)

hobbesmaster
Jan 28, 2008

Fun fact: cellular modems still use those commands.

shame on an IGA
Apr 8, 2005

And unsurprisingly, they're implemented in a hilariously insecure way.

https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/

darnon
Nov 8, 2009

Godholio posted:

This is basically what STUXNET was, but with spinning centrifuges.

Not really. STUXNET was introduced onto the controller network to infect the PLCs controlling the centrifuges with a worm exploiting a backdoor. It wasn't like the totally-not-US beamed fake signals from remote to fool the speed sensors or induced the malicious code through sensor inputs.

Murgos
Oct 21, 2010

Plinkey posted:

Isn't that basically how jammers work, in the analog sense... throw the freq at the radar that you detected and it transmitted with some wonky doppler poo poo and get false positives at the wrong range gates and mess up the AGCs so you and your buddies can hide below the new artificial noise floor. With false targets being tracked.

Of course it's much easier said than done.

Maybe? Except that in this case the system is working as designed. The design is 'find strong returns, filter out weak returns' so the attacker is providing strong returns and masking its own by abusing a dynamic adjustment in the electronics intended to defeat an earlier form of jamming (white noise saturation).

I still don't think it's analogous to a buffer overflow and it also doesn't provide arbitrary code execution or even control of the target system.

shame on an IGA
Apr 8, 2005

I'm confident that enough fuzz testing of a radar system through the main antenna would reveal unexpected and interesting and exploitable behaviors.

EvilMerlin
Apr 10, 2018

Meh.

Give it a try...

shame on an IGA posted:

I'm confident that enough fuzz testing of a radar system through the main antenna would reveal unexpected and interesting and exploitable behaviors.

Yeah but the question is will they be fixed or ignored. Military contractors tend to get a focus on DELIVER DELIVER DELIVER.

Godholio
Aug 28, 2002

Does a bear split in the woods near Zheleznogorsk?

darnon posted:

Not really. STUXNET was introduced onto the controller network to infect the PLCs controlling the centrifuges with a worm exploiting a backdoor. It wasn't like the totally-not-US beamed fake signals from remote to fool the speed sensors or induced the malicious code through sensor inputs.

I meant more about the physical destruction, not the introduction of the malware or whatever the proper term would be. I am completely unfamiliar with how that side of things works.
