Latest in Gear

Image credit: Andrei Stanescu via Getty Images

A rogue Raspberry Pi helped hackers access NASA JPL systems

JPL might have the technology to make Martian rovers, but it's seriously lacking in cybersecurity measures.
1112 Shares
Share
Tweet
Share
Save

Sponsored Links

NASA's Jet Propulsion Laboratory (JPL) suffers from multiple cybersecurity weaknesses despite the advances it has achieved in space technology, according to the agency's Office of Inspector General (PDF). Investigators looked into the research center's network security controls after an April 2018 security breach, wherein a Raspberry Pi that was not authorized to be linked to the JPL network was targeted by hackers. The attackers were able to steal 500 megabytes of data from one of its major mission systems, and they also used that chance to find a gateway that allowed them to go deeper into JPL's network.

Diving deeper into the system gave the hackers access to several major missions, including NASA's Deep Space Network -- its network of spacecraft communication facilities. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency's network.

In addition to having reduced visibility to devices connected to its network and to not keeping different parts of its network separate, investigators have also found instances of security tickets not being resolved for extended periods of time. In some cases, the tickets sat unresolved for as long as 180 days. The investigators have also noted that JPL's incident management and response practices deviate from NASA's recommendations.

The OIG recommended a fix for all those issues, and NASA agreed to all of them except one: establishing a formal threat-hunting process to find flaws before they even cause issues. It will verify if JPL follows through before closing the investigation entirely.


Video
Presenter: Dana Wollman
Script: Kris Naudus
Script Editor: Dana Wollman
Editor: Kyle Maack
Producer/Camera: Michael Morris

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1112 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Australia will help NASA go to the Moon and Mars

Australia will help NASA go to the Moon and Mars

View
Apple gets US approval for Mac Pro tariff exemptions

Apple gets US approval for Mac Pro tariff exemptions

View
TiVo says all retail DVR owners will see ads before recorded shows

TiVo says all retail DVR owners will see ads before recorded shows

View
Batman comes to 'Fortnite' along with Catwoman and Gotham City

Batman comes to 'Fortnite' along with Catwoman and Gotham City

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr