Full Report
No worries if the US doesn't want to be friends with Europe anymore
Lockheed Martin's F-35 fighter aircraft can be jailbroken "just like an iPhone," the Netherlands' defense secretary has claimed.…
Analysis Summary
# Vulnerability: Potential Bypassing of Software Restrictions (Jailbreaking) on F-35 Lightning II
## CVE Details
- **CVE ID:** N/A (No specific vulnerability identifier assigned)
- **CVSS Score:** N/A (Not officially rated)
- **CWE:** CWE-693 (Protection Mechanism Failure) / CWE-1291 (Public Disclosure of Sensitive Information regarding Controls)
## Affected Systems
- **Products:** Lockheed Martin F-35 Lightning II fighter aircraft.
- **Versions:** Current operational software suites (potentially including the Block 4 updates).
- **Configurations:** Systems managed via the Autonomic Logistics Information System (ALIS) or the newer Operational Data Integrated Network (ODIN).
## Vulnerability Description
Based on public statements by the Netherlands' Defense Secretary, Gijs Tuinman, the software environment of the F-35 aircraft may be susceptible to "jailbreaking"—a process of removing software restrictions imposed by the manufacturer (Lockheed Martin) and the US government.
Technically, this suggests that the bootloader, operating system, or firmware integrity checks are not immutable. If European forces can "jailbreak" the system, it implies the existence of methods to bypass cryptographic signing, exploit local maintenance interfaces, or manipulate the ALIS/ODIN service packs to inject unauthorized code or enable features without official vendor authorization.
## Exploitation
- **Status:** **Theoretical / Claimed.** No public Proof of Concept (PoC) exists.
- **Complexity:** **High.** Requires specialist knowledge of avionics bus systems, proprietary codebases, and cryptographic keys.
- **Attack Vector:** **Physical/Local.** Experts note that a "jailbreak" requires direct physical access to the aircraft or its ground support equipment (ALIS/ODIN). Remote exploitation (network-based) remains unverified.
## Impact
- **Confidentiality:** **High.** Unauthorized access could lead to the exposure of sensitive mission data, electronic warfare signatures, and proprietary flight control algorithms.
- **Integrity:** **High.** Successful jailbreaking allows for the modification of flight software, weapons integration, and mission systems.
- **Availability:** **Medium/High.** While it may bypass "kill switches," improper modification could lead to system instability or "bricking" the flight computer.
## Remediation
### Patches
- No specific security patches have been issued in response to these claims. Software updates for the F-35 are delivered via Lockheed Martin service packs every 1-2 years.
### Workarounds
- **Physical Security:** Strict access control to the aircraft and ground support stations.
- **Supply Chain Integrity:** Verification of service packs and updates delivered through the ALIS/ODIN network.
## Detection
- **Indicators of Compromise:** Discrepancies between hardware performance and logs, unauthorized software versioning, or failed cryptographic handshakes during system boot.
- **Detection Methods:** Regular audit of software hashes against known-good baselines provided by the manufacturer (Lockheed Martin).
## References
- **The Register Article:** hxxps[://]www[.]theregister[.]com/2026/02/18/f35_jailbreak_claims/
- **Dutch Podcast (Source):** hxxps[://]www[.]bnr[.]nl/nieuws/nieuws-politiek/10594175/staatssecretaris-van-defensie-tuinman-nederland-is-eind-2028-klaar-voor-een-russische-aanval
- **Lockheed Martin ALIS Overview (Background):** hxxps[://]www[.]youtube[.]com/watch?v=yqShP6R5P6g