by Joker_vD 129 days ago
But it's not a Dutch secret, right? It's the USA's one, right? All in all, kinda makes me suspect that statement is simply untrue.
3 comments

If it’s anything like the code in passenger vehicles or airplanes, it is:

- spaghetti code that’s difficult or impossible to formally exercise fully in unit, comprehensive, or proof-centric testing

- delivered as compiled binaries for industrial-chip architectures by e.g. Renesas that have extremely hardened hardware and resilience

- annoying but feasible to reverse engineer in Ghidra

- designed to prioritize repairability over firmware signature enforcement

- has an undocumented but wire-sniffable protocol for firmware updates

So I am of a mind to take their statement at face value, because it’s vanishingly unlikely that the U.S. disallows field patching of a warplane due to lacking a crypto private key, much less bothers to spend money on crypto-attestation style locks. This is USgov military-industrial, not Bay Area marketer tech à la Google; competent security practices in deployed hardware are not likely to be the norm, especially not when every plane includes armed guards free of charge to the contract.

If I were a competent defense partner with the USgov, I would have already commissioned and completed a full decompilation, because duh. That the Dutch are saying this openly is charming but not particularly surprising. Presumably there’s a US backdoor in the IFF module, for instance, and while it’s fine to leave it in place, it’s better than fine to patch a warning alert in so that you know when it’s exercised. This is basic defense programming 101 stuff here, right? .. right?

> has an undocumented but wire-sniffable protocol for firmware updates

- Has an undocumented blob execution feature used for testing of the unit after it was sealed and glued.

- Has a documented secondary bootloader (remote code execution by design) due to historical reasons.

Just how the Dutch would manage to find that out would be a big deal.

Espionage would be the name of that witch.

Didn't you hear? American laws apply to everyone now. /s
Americans are fierce at ramming their laws into the throats of others, but when the EU says that Parmesan cheese can only come from Italy, they are immediately throwing a hissy fit.