Slashdot Mirror
DARPA Unveils Hack-Resistant Drone
savuporo (658486) writes with news based on the work of a DARPA project known as High Assurance Cyber Military Systems: "'The Pentagon's research arm unveiled a new drone built with secure software that "prevents the control and navigation of the aircraft from being hacked. ... The software is designed to make sure a hacker cannot take over control of a UAS. The software is mathematically proven to be invulnerable to large classes of attack,' [HACMS program manager Kathleen] Fisher said." This is currently being demoed on a quad-copter platform. It would be interesting to know the CPU architecture, chipset, programming language and the suite of communication protol this thing uses ."
before someone takes over one of these babies ? I mean - for a challenge, this is about the same thing as waving a kilogram of prime steak in front of a pride of lions...
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
How many ways is this ridiculous? In the summary alone, you have quite a lot of nonsense. First, they brag about secure software. Your software is supposed to be secure, especially for something like this. You don't get bonus points because you thought about security where weapons were concerned. That's like bragging about not shitting your pants. Of course their security software is designed to prevent hacking - that's the point. Then you have the mathematical proof, which is just a fancy way of saying they ran a code analysis tool and their software totes doesn't have buffer overflow vulnerabilities, guys! If they really got fancy with it, maybe they could test it against real life security penetration testers, but let's not get ahead of ourselves.
No kidding. I wouldn't even say "he hasn't missed a field goal in 43 attempts, this is a chip shot" because you'll put a rook on it and fail somehow. Heck, the US Government can't even put up a fricking (healthcare) website so how can they expect to succeed at making a "hacker proof drone"? 'Mathematically-proven" is like using the word "clinical" in front of a toothpaste...means nothing other than to hype a product...
Beware of bugs in the above code; I have only proved it correct, not tried it -- Donald Knuth
That summary says absolutely nothing. Are they implying that all previous drones have no security? Just connect to them and take over. Luckily some genius from DARPA came up with the brilliant idea of adding a password prompt.
--
Stay tuned for some shock and awe coming right up after this messages!
That's a misquote, like "Play it again, Sam."
"Note that I have not tested this code, I have merely proven it correct."
--Donald Knuth
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
"To determine who really rules, all you hafta do is ask: Who am I not allowed to misquote?"
- Voltaire
Yep, I especially loved this gem from the summary:
Anyone who knows anything about software and crypto knows you cannot make the software "invulnerable" to attacks. You can greatly decrease the number of bugs and known attack vectors. You can make it infeasible to brute-force your system using a realistic amount of computing power. But you do not know what you do now know, and the system cannot be 100% secure.
I would love to see how they "mathematically proved" it is 100% secure (invulnerable, remember).
24 beers in a case, 24 hours in a day. Coincidence? I think not!
I admit that the article doesn't go into any technical details, but the number of comments here that are completely ignorant of what formal verification is and reject that it is even possible is...disturbing. (See CompCert for a real-world example of this practice.) Since the article was so bad, I don't know what the team actually did, but "mathematically proven to be invulnerable to large classes of attack" is exactly the sort of prudent statement I would expect from someone who has done good work making a hardened system.