NASA's system hacked with a $25 Raspberry Pi: Details here
What's the story
Despite advancing significantly in space technology, NASA has persistently faced cybersecurity-related issues. Just last year, the agency's Jet Propulsion Laboratory had suffered a major breach, one that compromised critical mission-related data. And now, a new report has indicated that the attack was conducted with Raspberry Pi, a low cost, credit-card-sized computer that plugs into a computer monitor/TV. Here's all about the hack.
Attack
Basic, build-it-yourself Raspberry Pi used for hacking
Raspberry Pi has long been serving as a basic, build-it-yourself computing machine, one that costs just around $25-35. However, a recent report from the US Office of the Inspector General has revealed that a cyber snooper used the same computer to break into two of JPL's network and stole as much as 500 megabytes of data from 23 files on their system.
Compromised data
What kind of data was compromised
Going by the report, the attackers gained access to information related to several key missions, including the one related to Curiosity rover, the car-like vehicle currently operating on Mars, collecting data. Additionally, the attackers were also able to use the attack as a way to dig deeper into JPL's network and access NASA's Deep Space Network, a chain of radio antennae for space-based communication.
Steps
NASA took immediate steps to control the attack's impact
After detecting the attack, the security team at Johnson Space Center in Houston took immediate remedial steps. They disconnected their systems with the compromised network in order to keep the hacker from sending malicious signals to active spaceflight missions, including the International Space Station. The connection was resumed nearly a year after the attack was discovered and mitigated.
Hacker
Security being bolstered but no word on the hacker
Having said that, it still remains unclear who breached JPL's system and how they employed Raspberry Pi for the challenging task. The report noted that "improvements to JPL's security controls and increased oversight by NASA is crucial to ensuring the confidentiality, integrity, and availability of Agency data." However, it concluded that the agency has agreed to follow a plan to flag, avoid cybersecurity-related deficiencies.