DARPA Showcases Hacker-Proof Software at 2021 DEF CON
The Defense Advanced Research Projects Agency invited hackers to break into software designed for remote-controlled quadcopters.
During the 2021 DEF CON, a convention-within-a-convention that focused on hacking air and spacecraft, participants demonstrated the vulnerability of conventional software architectures for flight control and the importance of high-assurance software techniques such as DARPA’s High-Assurance Cyber Military Systems.
Aug. 6 marked the first time that DARPA invited hackers to take over quadcopters but according to DARPA Information Innovation Office Program Manager Ray Richards, none succeeded, Air Force Magazine reported.
In a video presentation, a red team of hackers exploited an unpatched software flaw in a quadcopter’s video camera, allowing them to break into the mission control system. Once inside the camera, the hackers overwrote the encryption keys that protected the command and control communications of the quadcopter with its ground base, hijacking the craft and flying it back to the hackers’ base.
However, using a technique called “formal methods,” the HACMS software ensured the absence of software flaws that let hackers break into and take over computer systems.
Hacking professionals were not able to hack the quadcopter’s formal methods-built software because the architecture “rigidly” separated the different functions of the quadcopter’s mission control system.
Despite being able to break into the video camera software, hackers could not access command and control.
According to Collins Aerospace’s Darren Cofer, hackers could do anything they wanted with the video camera, but the quadcopter can still continue flying without having its C2 impacted from the legitimate ground station.
Richards also noted that more commercial companies are now using formal methods, which was previously regarded as too expensive and laborious.
In July, Google and Firefox were reportedly using formal methods-verified components in their web browsers, with Amazon Web Services also employing the technique for particular components of its critical cloud services.
Tags: Air Force Magazine Amazon Web Services Collins Aerospace cybersecurity DARPA Darren Cofer DEF CON Defense Advanced Research Projects Agency Firefox formal methods Google HACMS High-Assurance Cyber Military Systems Ray Richards