# Off-topic: F-35 spyware



## Snurg (Jan 11, 2018)

The news is almost two months old. As it hasn't been spread much and I think some forums members will like to know, I'll share that here anyway.


> *Norwegian defense officials soon discovered that their fancy fleet of F-35s also automatically transmit sensitive data to Lockheed Martin’s servers in Fort Worth, Texas, after each flight.
> 
> “Due to national considerations, there is a need for a filter where the user nations can exclude sensitive data from the data stream that is shared by the system with the manufacturer Lockheed Martin,” said Defense Ministry senior consultant Lars Gjemble, as cited by Norway’s ABC Nyheter.
> 
> Although Gjemble hailed the F-35 as a major upgrade for Norway’s air capabilities, he also stressed that the data being beamed to Fort Worth could potentially compromise the security of the pilot, likening Lockheed’s data leeching to “information your iPhone shares with the manufacturers.”*




This is a hot topic, and there is an interesting thread about that on a Pakistani defense forum.
This reminds me of the remote-control software included in the Boeing passenger jets.
To my knowledge, only German Lufthansa took the effort to remove that backdoor, making it invulnerable to attacks like 9/11.


----------



## Maelstorm (Jan 14, 2018)

Who over at Lockheed Martin thought that it was a good idea to have the plane phone home?  That is the stupidest thing that I have heard of.  A manufacturer implements a backdoor on a piece of equipment that is designed to kill people.  All we need now is some enterprising hacker to use this and turn the weapon on back on the owners.  Good Job there Lockheed; you really knocked one out of the ballpark with that one.


----------



## Handsome Jack (Jan 14, 2018)

Maybe it is just for telemetry data like nvidia or win10, or just for updating F35 software ... 
`# root@f35_console # FreeLockheedMartinSoftwareDistribution-update install`


----------



## Snurg (Jan 14, 2018)

@HandsomeJack your post made me ROFL 

*rrrrinnnng*   *rrrrinnnng*   <urgent interception alarm>
Pilot rushes to jet and starts it.
Suddenly HUD displays a spinner: "Updating the software. Please wait patiently. Do not turn off the computer."


----------



## herrbischoff (Jan 15, 2018)

Yes, "just telemetry data". Meta data really. And we all know that meta data is fundamentally useless in creating behavior patters and profiles. Like everyone nowadays collect. Do the pilots have to accept a 360-page EULA detailing this somewhere in section 74, paragraph 11 as well before being able to use the on-board systems?


----------



## tingo (Jan 15, 2018)

Everyone (as in "all vendors / creators of software") today includes telemetry / phone home capability in their products. The only difference is in how open they are about this to the buyers. Some are open; they tell their buyers about it in detail, and maybe even allows the buyer to change / opt-out of the telemetry transmission. While others "forget" to tell the buyers that they have included this capability in their product. Maybe this current practice will change over time as we get more cases where this is abused. We shall see.


----------



## Handsome Jack (Jan 15, 2018)

tingo said:


> Everyone (as in "all vendors / creators of software") today includes telemetry ...


Sadly, it is true. I wonder if envidia will implement telemetry on Linux or FreeBSD proprietary drivers.
Notice how topic F-35 spyware becoming topic 'Telemetry'


----------

