[Updated] Air Force Special Operations Command using Russian encryption software on made-in-China iPADs

Even if they might be called to face Chinese and Russia almost everywhere between Middle East and Asia (or even perform missions inside China or Russia in a less likely WWIII scenario), the Air Force Special Operations Command (AFSOC) planes will fly those special operations relying on products developed and sold by some of more dangerous U.S. adversaries.

In fact, the AFSOC in January decided to buy about 2,800 made-in-China Apple iPAD2 tablets to transition from printed documents to electronic devices capable of maintaining and updating the required publications. In other words, instead of using cumbersome booklets difficult to update, flight crews will be able to browse through hundreds navigation and approach charts, and technical manuals in PDF format.

Unfortunately, even if the use of iPADs offers a cost-effective solution to deliver documents and updates in a near-instantaneous standardized manner, the software that will have to secure the data inside the device “even if the device gets lost or stole” is developed and updated in Russia.

According to a Nextgov article by Bob Brewin, GoodReader is a Russian software that supports most common document file formats and also allows the user to view and save web pages, and download, listen to or view photos, audio and videos. But, above all, it can also encrypt files using Apple data protection APIs that will continue to protect the files “even if an attacker jailbreaks your device and uses various hacking techniques to access encrypted files.”

So, after the concerns about the integrity of the iPAD’s hardware supply chain in China, now someone is complaining that special ops crews will soon have to rely on Russian-developed encryption software.

Most probably the source code will be inspected and tested to ensure that it does not contain malicious code.

However not only malware built in the software can be used against AFSOC planes using: what if a licit update operation is used to inject wrong data in the navigation charts used by the U.S. aircrews? In certain conditions, a wrong airport elevation or a lower MEA (Minimum Enroute Altitude) could jeopardise the safety of the flight even if the crew can rely on many other navigation instruments working properly. And what about a Zero-Day attack launched to exploit an unknown vulnerability of the software?

Having said that, the risk of wrong data injection (in this case for human error) or of software glitch exposing the device to hackers attacks also affect domestic software.

Update Feb. 21, 2012 13.50GMT

Looks like the AFSOC has canceled its planned purchase of iPAD2 tablets. Security concerns behind this choice?

About David Cenciotti
David Cenciotti is a journalist based in Rome, Italy. He is the Founder and Editor of “The Aviationist”, one of the world’s most famous and read military aviation blogs. Since 1996, he has written for major worldwide magazines, including Air Forces Monthly, Combat Aircraft, and many others, covering aviation, defense, war, industry, intelligence, crime and cyberwar. He has reported from the U.S., Europe, Australia and Syria, and flown several combat planes with different air forces. He is a former 2nd Lt. of the Italian Air Force, a private pilot and a graduate in Computer Engineering. He has written five books and contributed to many more ones.