Jump to content


Photo
- - - - -

A rogue Raspberry Pi helped hackers access NASA JPL systems


  • Please log in to reply
No replies to this topic

#1 pete_c

pete_c

    Cocoonut

  • -=Gold Supporter=-
  • 9507 posts
  • Location:House
  • Experience:average
  • Software:Main Lobby, Open Source Automation
  • Hardware:HAI OmniPro II, Mi Casa Verde Vera, Ocelot
  • Tech:X10-PLC, X10-RF, UPB, INSTEON, Z-Wave, ZigBee, 1-Wire, xAP, xPL, ALC
  • Audio:Russound
  • Video:MythTV
  • CCTV:analog, ip, dvr
  • Phone:Asterisk, FreePBX, Ooma, POTS, VoIP via ISP

Posted 20 June 2019 - 08:21 AM

Mariella Moon, @mariella_moon

Engadget
20th of June, 2019

 


NASA's Jet Propulsion Laboratory (JPL) suffers from multiple cybersecurity weaknesses despite the advances it has achieved in space technology, according to the agency's Office of Inspector General (PDF). Investigators looked into the research center's network security controls after an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. The attackers were able to steal 500 megabytes of data from one of its major mission systems, and they also used that chance to find a gateway that allowed them to go deeper into JPL's network.

Diving deeper into the system gave the hackers access to several major missions, including NASA's Deep Space Network -- its network of spacecraft communication facilities. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency's network.

In addition to having reduced visibility to devices connected to its network and to not keeping different parts of its network separate, investigators have also found instances of security tickets not being resolved for extended periods of time. In some cases, the tickets sat unresolved for as long as 180 days. The investigators have also noted that JPL's incident management and response practices deviate from NASA's recommendations.

The OIG recommended a fix for all those issues, and NASA agreed to all of them except one: establishing a formal threat-hunting process to find flaws before they even cause issues. It will verify if JPL follows through before closing the investigation entirely.

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users