Claims about modifying the F-35’s software program increase respectable sovereignty questions. However cybersecurity structure, cryptography, and sustainment realities outline strict limits on what can and can’t be carried out.
As we reported intimately in a earlier story, on Feb. 15, 2026, speaking to the BNR Nieuwsradio Podcast, Dutch State Secretary for Defence Gijs Tuinman steered that the F-35’s software program may theoretically be “jailbroken,” drawing a comparability with modifying an iPhone.
“I’m going to say one thing I ought to by no means say, however I’ll do it anyway. Identical to your iPhone, you possibly can jailbreak an F-35. I gained’t say extra about it.”
Evidently, his remarks made the information, reigniting debate about software program sovereignty, operational independence, and management over fifth era plane, one thing we’ve got usually commented right here at The Aviationist.
Typically talking, evaluating it to a well-liked smartphone is efficient in capturing the general public creativeness (and this Writer has used the analogy earlier than to elucidate primary ideas behind trendy fight plane to most of the people), nevertheless it turns into deceptive when taken too actually.
In truth, the Lockheed Martin F-35 Lightning II is (fairly clearly) not a smartphone and its software program structure was by no means designed to permit operator-level modification within the first place.
Whereas the detailed inner implementation of the F-35’s mission methods stays categorised, the cybersecurity and avionics engineering ideas used to guard methods of this type are nicely understood. These ideas enable us to do a actuality examine and set up sensible boundaries round what may, and extra importantly what couldn’t, be achieved by makes an attempt to change, bypass, or independently management the plane’s software program.
Understanding why requires trying on the plane not merely as a fighter, however as a safe, software-defined fight system (also known as a “system of methods”) constructed round cryptographic belief, managed software program provide chains, and tightly built-in sustainment infrastructure.
The F-35 is just not a client machine
A easy on-line search will present that jailbreaking refers back to the strategy of eradicating software program restrictions imposed by the producer with the intention to achieve full root entry to the working system. This enables customers to put in unauthorized purposes, customise the person interface, and take away pre-installed software program, successfully bypassing the seller’s built-in safety mechanisms.
That idea applies to client units as a result of these units are designed to assist user-level software program set up and developer entry.
The F-35 is just not.
Even with out detailed information of the F-35’s cybersecurity structure, it’s cheap to imagine it’s no less than on par with, if no more superior than, trendy army avionics methods dealing with delicate mission knowledge and weapons integration. These methods depend on state-of-the-art hardware-rooted belief mechanisms, cryptographic authentication, and tightly managed software program loading processes designed to make sure that solely licensed and validated software program can execute.
In apply, this implies software program elements should be authenticated and verified earlier than being allowed to run, stopping unauthorized or modified code from being launched into mission-critical methods.
With out entry to trusted software program signing infrastructure, cryptographic credentials, and licensed software program deployment pipelines, independently putting in or modifying operational mission system software program can be terribly tough.
This method is just not distinctive to any single plane. It displays customary safety practices used throughout trendy army platforms, safe communications methods, and important infrastructure, the place belief is enforced by cryptographic assurance and managed software program provide chains relatively than bodily entry alone.
Why entry to the plane alone is just not sufficient
The F-35’s software program contains hundreds of thousands of traces of code (+8M based on most sources), enabling sensor fusion, digital warfare, mission administration, and weapons integration. However complexity alone doesn’t safe the system (fairly the other). Essential elements are protected by digital signing, encryption, and hardware-based belief anchors (the equal of {Hardware} Safety Modules or HSMs, used within the IT world) that guarantee software program authenticity and integrity.
Even when software program binaries had been extracted, modifying and redeploying them in an operational plane would in all probability require entry to:
Cryptographic signing and encryption keys
Software program construct environments
Integration and validation methods
Trusted software program distribution pipelines
With out these, any modification would fail authentication or danger rendering the system unstable or inoperable. This displays a core cybersecurity precept: possession doesn’t equal management. Belief should be established, verified, and repeatedly validated, by no means assumed. This precept kinds the inspiration of what’s often called the Zero Belief safety mannequin.
Somebody steered the Dutch State Secretary for Defence could have used the fallacious time period, as he might need been referring to reverse engineering the F-35 relatively than jailbreaking it. Typically talking, software program will be analyzed by reverse engineering, revealing its construction, logic, and performance. Nonetheless, understanding how the code works is just not the identical as safely modifying and working it. The latter can be an awfully advanced and dangerous endeavor.
The Dutch State Secretary’s remarks could have referred much less to hacking and extra to the broader query of software program sovereignty: whether or not operators can independently replace, modify, and maintain the plane with out counting on the unique producer or U.S.-controlled sustainment infrastructure.
It is a respectable strategic query; nonetheless, essentially totally different from “jailbreaking.”
Trendy fight plane software program isn’t just code. It exists inside a managed software program provide chain that features growth environments, validation frameworks, and safe distribution methods.
Recreating the identical ecosystem independently would require constructing an entire sovereign software program sustainment functionality, not merely accessing or modifying onboard methods. And, final however not least, trying to independently modify software program outdoors official assist channels may create authorized, technical, and operational penalties, together with potential lack of producer assist and sustainment entry.
The position of ODIN
As defined, the F-35 is just not a standalone system. As all most trendy fight plane, it is dependent upon sustained entry to spare components, upkeep assist, element restore, software program updates, and risk intelligence integration. That’s why one other important side that has usually come below the highlight is the position of the plane’s infologistic system, initially often called ALIS, and now changed by ODIN (Operational Information Built-in Community).
ODIN capabilities because the plane’s world software program and sustainment infrastructure, managing upkeep knowledge, mission planning assist, configuration management, and software program updates. Plane and assist methods trade knowledge with nationwide and centralized infrastructure that permits fleet-wide software program updates, configuration integrity, and sustainment planning.
This structure ensures operational consistency, security, and cybersecurity throughout the worldwide fleet. For that reason, impartial software program modification would require not simply entry to onboard methods, however the means to duplicate or substitute key parts of this trusted sustainment and software program distribution infrastructure, most of these should not even in nation however managed by the U.S.
Functionality dependency
Finally, the identical design decisions that make the F-35 exceptionally resilient towards tampering, reverse engineering, or unauthorized modification additionally be certain that its most superior capabilities stay depending on a managed and repeatedly maintained software program and assist framework.
Whereas the often-repeated notion that america may merely disable foreign-operated F-35s by way of a distant “kill swap” is an oversimplification that doesn’t replicate how the plane really operates, the F-35 is essentially a software-defined platform whose effectiveness relies upon closely on steady entry to U.S.-managed updates, mission knowledge recordsdata (MDFs), and the broader sustainment and logistics ecosystem.
In different phrases, the plane can’t be abruptly switched off remotely, however its long-term fight worth is inseparable from continued entry to the ecosystem that sustains it: the results of “disconnecting” the F-35 is just not an instantaneous shutdown or incapability to fly, however a gradual erosion of functionality. The plane transitions from a front-line, absolutely networked fifth-generation platform into one thing progressively much less survivable and fewer efficient towards trendy threats.
Right here’s the place the comparability between an F-35 and an iPhone actually work: in case you cease updating your smartphone, it doesn’t abruptly cease working as you possibly can nonetheless make calls and ship messages. However over time, it turns into outdated, unable to assist new apps, safety patches, or superior functionalities, or work together with different, up to date, smartphones. Ultimately, it reaches a degree the place it could possibly solely carry out essentially the most primary duties, making it irrelevant…
What adversaries would realistically search from entry to an F-35
One would possibly surprise: if the F-35 can’t be “jailbroken” why are all of the operators anxious it may very well be studied by Russia or China? Certainly, up to now, we’ve got reported on the efforts undertaken by the U.S. and companion nations to recuperate F-35 airframes that had crashed at sea earlier than they might fall into enemy palms. Notable examples embody the advanced restoration of a British F-35B that crashed into the Mediterranean Sea in 2021 and the race to retrieve a U.S. Navy F-35C that went down within the South China Sea in early 2022. These restoration operations, carried out at important technical and monetary value and infrequently below intense time stress, had been carried out to guard the airframe itself relatively than the “supply code” working on it. The airframe embodies many years of analysis, testing, and engineering refinement.
If an adversary had been ever to achieve entry to 1 (in good condition), essentially the most worthwhile insights would possible come not from trying to rewrite its code, however from finding out its bodily and digital structure. Sensor integration alone, together with radar arrays, distributed aperture methods, and digital warfare {hardware}, would provide important clues about how the plane achieves its situational consciousness and survivability. Low observable coatings, structural shaping, and materials composition can be fastidiously analyzed to raised perceive signature administration throughout radar and infrared spectrum. Elements of the intakes and of the Pratt & Whitney F135 engine, often intently guarded from pictures at shut distance below sure circumstances, would all characterize high-value intelligence targets.
Traditionally, when superior plane have been captured or obtained by defections, exploitation efforts have targeted totally on {hardware} traits, supplies science, propulsion efficiency, and aerodynamic conduct. So far as we all know, software program takeover has by no means been the first goal. As an alternative, the aim has been to know design philosophy, establish potential weaknesses, and inform countermeasure growth or future indigenous packages. We had been in a unique period, when plane had been much less “software-defined” than they’re at this time, nevertheless it’s secure to imagine that entry to the plane would certainly matter, however primarily not for the explanations steered within the “jailbreak” narrative.
