NASA has disclosed that there was a security breach on its Jet Propulsion Laboratory(JPL) which allowed hackers to steal mission systems data from the space agency. The interesting thing about the data breach is that the hacker had accessed NASA’s network with the help of a Raspberry Pi – a pocket-sized computer that connects to the internet.
The security breach was revealed by NASA Inspector General Office of Audits and said the hacker stole 500MB of major mission systemsdata which was discovered in April 2018. The 500MB of data downloaded from NASA’s servers included 23 files, two of which contained information related to the Mars Curiosity Rover mission and the transfer of restricted military and space technology for the mission.
The hack was live and undetected for almost 10 months. Even though the Raspberry Pi wasn’t authorised for NASA’s JPL network, it was able to access and steal data through a web app called Information Technology Security Database (ITSDB). The web app is what is used to track and manage network applications and physical assets and was only accessible to ‘IT resources’.
Following the hack, NASA has stopped some of its agencies from using a core gateway as a means to prevent the hacker from harming a currently active spacecraft.
The report also entails that “the attacker successfully accessed two of the three primary JPL networks. Officials were concerned the cyber-attackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems”.
The data breach, as reported by NASA, was a result of a system administrator failing to update the database, which allowed new devices to be added to the network without verification. NASA’s JPL division has since then installed “additional monitoring agents” on its firewalls.
It’s interesting to note that all this was done through a Raspberry Pi device. The credit card-sized computer is available for as low as $35 (approx. Rs. 2,500) and is primarily used to teach kids how to use a computer and beginners on coding. The Raspberry Pi has gained popularity for allowing individuals to carry DIY projects and is also a cheaper means to encourage the use of computers in developing countries.