A rogue Raspberry Pi helped hackers access NASA JPL systems

JPL might have the technology to make Martian rovers, but it's seriously lacking in cybersecurity measures.

Sponsored Links

Andrei Stanescu via Getty Images
Andrei Stanescu via Getty Images

NASA's Jet Propulsion Laboratory (JPL) suffers from multiple cybersecurity weaknesses despite the advances it has achieved in space technology, according to the agency's Office of Inspector General (PDF). Investigators looked into the research center's network security controls after an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. The attackers were able to steal 500 megabytes of data from one of its major mission systems, and they also used that chance to find a gateway that allowed them to go deeper into JPL's network.

Diving deeper into the system gave the hackers access to several major missions, including NASA's Deep Space Network -- its network of spacecraft communication facilities. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency's network.

In addition to having reduced visibility to devices connected to its network and to not keeping different parts of its network separate, investigators have also found instances of security tickets not being resolved for extended periods of time. In some cases, the tickets sat unresolved for as long as 180 days. The investigators have also noted that JPL's incident management and response practices deviate from NASA's recommendations.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

The OIG recommended a fix for all those issues, and NASA agreed to all of them except one: establishing a formal threat-hunting process to find flaws before they even cause issues. It will verify if JPL follows through before closing the investigation entirely.

Presenter: Dana Wollman
Script: Kris Naudus
Script Editor: Dana Wollman
Editor: Kyle Maack
Producer/Camera: Michael Morris

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Popular on Engadget