Even if they might be called to face Chinese and Russia almost everywhere between Middle East and Asia (or even perform missions inside China or Russia in a less likely WWIII scenario), the Air Force Special Operations Command (AFSOC) planes will fly those special operations relying on products developed and sold by some of more dangerous U.S. adversaries.
In fact, the AFSOC in January decided to buy about 2,800 made-in-China Apple iPAD2 tablets to transition from printed documents to electronic devices capable of maintaining and updating the required publications. In other words, instead of using cumbersome booklets difficult to update, flight crews will be able to browse through hundreds navigation and approach charts, and technical manuals in PDF format.
Unfortunately, even if the use of iPADs offers a cost-effective solution to deliver documents and updates in a near-instantaneous standardized manner, the software that will have to secure the data inside the device “even if the device gets lost or stole” is developed and updated in Russia.
According to a Nextgov article by Bob Brewin, GoodReader is a Russian software that supports most common document file formats and also allows the user to view and save web pages, and download, listen to or view photos, audio and videos. But, above all, it can also encrypt files using Apple data protection APIs that will continue to protect the files “even if an attacker jailbreaks your device and uses various hacking techniques to access encrypted files.”
So, after the concerns about the integrity of the iPAD’s hardware supply chain in China, now someone is complaining that special ops crews will soon have to rely on Russian-developed encryption software.
Most probably the source code will be inspected and tested to ensure that it does not contain malicious code.
However not only malware built in the software can be used against AFSOC planes using: what if a licit update operation is used to inject wrong data in the navigation charts used by the U.S. aircrews? In certain conditions, a wrong airport elevation or a lower MEA (Minimum Enroute Altitude) could jeopardise the safety of the flight even if the crew can rely on many other navigation instruments working properly. And what about a Zero-Day attack launched to exploit an unknown vulnerability of the software?
Having said that, the risk of wrong data injection (in this case for human error) or of software glitch exposing the device to hackers attacks also affect domestic software.
Update Feb. 21, 2012 13.50GMT
Looks like the AFSOC has canceled its planned purchase of iPAD2 tablets. Security concerns behind this choice?
- Pakistan Air Force making iPads (nation.com.pk)
- U.S. Air Force May Purchase 18,000 iPads (mobilemarketingwatch.com)
- US Air Force Special Ops Command changes iPad purchase plans (tuaw.com)