The National Aeronautics and Space Administration confirmed that its Jet Propulsion Laboratory (JPL) was hacked last year, with the attacker able to steal 500 MB of data related to the space agency’s missions using a cheap Raspberry Pi computer.
The Raspberry Pi, priced at about $36 for the basic board, is one of the most versatile and understated computing platforms available in the market. The credit card-sized computer is perfect for projects such as a retro gaming station or a smart home gadgets base station, but a hacker has apparently found a twisted use for it.
NASA, in an audit report, revealed that in April 2018, JPL discovered an account that belonged to external user was compromised, and was used to steal about 500 MB of data from one of its major mission systems.
The account was compromised by a hacker who used a Raspberry Pi to gain unauthorized access to the JPL network. The attacker then took advantage of the weaknesses in the laboratory’s network to remain undetected for 10 months, stealing 23 files in the process. Two of these files contained information on International Traffic in Arms Regulations, which controls the transfer of military and space-related technology, related to the Mars Science Laboratory Mission.
The auditors discovered that users on JPL’s network were able to enter systems and applications that they were not approved to access. The system administrators also did not properly track the devices added to the network. These shortcomings allowed the hacker to deeply infiltrate the network and remain undetected for a long time.
The breach was so widespread that the Johnson Space Center, which is responsible for programs such as the International Space Station, disconnected from the gateway. The space center’s officials were concerned that the hacker might be able to move into their mission systems, which may give the attacker the ability to send malicious signals to human space flight missions.
NASA and its laboratories are lucrative targets for hackers due to the agency’s research and development, which includes patents on cutting-edge technology, information security analyst Mike Thompson told Forbes. Ethical hacker John Opdenakker, meanwhile, pondered why NASA published the audit report, when it clearly stated that there were still some “critical vulnerabilities” at JPL’s systems.