NASA's system hacked with a $25 Raspberry Pi: Details here
Despite advancing significantly in space technology, NASA has persistently faced cybersecurity-related issues. Just last year, the agency's Jet Propulsion Laboratory had suffered a major breach, one that compromised critical mission-related data. And now, a new report has indicated that the attack was conducted with Raspberry Pi, a low cost, credit-card-sized computer that plugs into a computer monitor/TV. Here's all about the hack.
Raspberry Pi has long been serving as a basic, build-it-yourself computing machine, one that costs just around $25-35. However, a recent report from the US Office of the Inspector General has revealed that a cyber snooper used the same computer to break into two of JPL's network and stole as much as 500 megabytes of data from 23 files on their system.
Going by the report, the attackers gained access to information related to several key missions, including the one related to Curiosity rover, the car-like vehicle currently operating on Mars, collecting data. Additionally, the attackers were also able to use the attack as a way to dig deeper into JPL's network and access NASA's Deep Space Network, a chain of radio antennae for space-based communication.
After detecting the attack, the security team at Johnson Space Center in Houston took immediate remedial steps. They disconnected their systems with the compromised network in order to keep the hacker from sending malicious signals to active spaceflight missions, including the International Space Station. The connection was resumed nearly a year after the attack was discovered and mitigated.
Having said that, it still remains unclear who breached JPL's system and how they employed Raspberry Pi for the challenging task. The report noted that "improvements to JPL's security controls and increased oversight by NASA is crucial to ensuring the confidentiality, integrity, and availability of Agency data." However, it concluded that the agency has agreed to follow a plan to flag, avoid cybersecurity-related deficiencies.