According to the report, the hack took place back in 2018 after an unauthorized Raspberry Pi device connected to NASA’s JPL servers was targeted by hackers
Note: The headline of this article has been changed. The previous one stated that hackers used a Raspberry Pi device to hack into NASA’s system which was not correct.
Would you believe that even NASA’s security systems aren’t as reliable as we deem them to be? In fact, it is possible to hack NASA’s laboratory using $25 Raspberry Pi, as was revealed by the federal authorities after they conducted a review on the data breach involving one of NASA’s labs back in April 2018.
Reportedly, the Jet Propulsion Laboratory (JPL) of NASA was hacked in April 2018 and hackers managed to steal about 500 MB of data from the lab’s major mission system that is used to send robots in space. The hacker used a Raspberry Pi to access the system and exploit the security flaws within the network in order to successfully pull off the hack.
Raspberry Pi is a tiny device loaded with high-level capabilities. It is a very popular device because it can easily deceive and exploit a system and happens to be a relatively small and easy-to-handle device. Not to forget that it is extremely cheap as well. Perhaps this is why hackers use it instead of many other advanced gadgets to fulfill their nefarious objectives.
According to reports, NASA’s data breach was reviewed by the US Office of the Inspector General (OIG [PDF]) and the hack was traced back to an unauthorized Raspberry Pi device that was linked with the laboratory’s network. The device was exploited easily by the hacker(s) who managed to access various JPL systems as well as the Deep Space Network (DSN), the name given to the international range of giant radio telescopes of NASA.
It is also the world’s most sensitive and largest system of scientific telecommunications. Therefore, managing to access and exploit such a sensitive and high-end system using a cheap Pi device is definitely an issue of concern as it highlights the huge security flaws that were present in NASA’s network until 2018.
“Several of these weaknesses were exploited during an April 2018 security breach that resulted in the loss of approximately 500 megabytes of data.”
The review report also revealed that the system admins at NASA didn’t regularly update the inventory system and kept on adding new devices to the network. The report also included statements from system admins at NASA, one of whom admitted that:
“He didn’t regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work and he later forgets to enter the asset information.”
NASA’s JPL’s network is shared instead of being segmented, which is another aspect that helped hackers access numerous of the space agency’s systems switch between different systems easily. With such poorly secure network setup anyone can gain access and send “malicious signals to human space flight missions,” the report explained.
Furthermore, the hack was also made a success due to the JPL systems’ overall “lack of visibility,” which means security officials never used to identify or review new devices that were being connected to the network on a regular basis.
Moreover, lack of appropriate security controls allowed third parties to connect to the IT systems of NASA and the space agency didn’t deal with security lapses as promptly as it is expected to since even the logged security flaws were left u resolved for over 180 days.
Nevertheless, now that the review report is published and the major shortcomings in NASA’s networks are identified, it is now the responsibility of NASA to ensure foolproof security systems.