Summary of “The Pentagon’s Weapons Are ‘Easily Hacked’ With ‘Basic Tools'”

The Pentagon didn’t bother to change the default passwords on “Multiple” weapon systems using commercial or open source software, the report says, essentially treating cutting edge military tech like a lazy person treats a new internet router.
“The own testing shows they can be pretty easily hacked,” Cristina T. Chaplain, the lead author of the report, said on the GAO’s podcast on Tuesday.
“In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing,” the GAO report said.
Another team easily took control of a the operator’s terminal for an unspecified weapon system and watched in real-time as the operators responded to the hackers’ disruptions.
Image: GAO. The GAO has been warning the Pentagon about the software vulnerabilities in weapon systems as far back as 1997, but the military has done little to fix the problems.
The Pentagon wasn’t practicing basic internet security hygiene, the GAO report found.
In another test, simply scanning a weapons system for vulnerabilities was enough to shut parts of the system down.
The GAO said that most of the officials it met with felt their weapons systems were secure, even if they’d never been tested.

The orginal article.