Raspberry Pi Used to Hack NASA2019-06-20 17:00 by Daniela
Tags: Raspberry Pi, NASA
The U.S. National Aeronautics and Space Administration (NASA) this week confirmed that its Jet Propulsion Laboratory (JPL) has been hacked. According to a new report from NASA's Office of Inspector General (OIG), the security breach in question saw hackers target a NASA employee's Raspberry Pi device, which wasn't authorised to connect to the JPL's network.
While inside JPL's network, the hackers reportedly stole about 500MB of data related to human spaceflight. If they were just some jokers on the internet, that data isn't terribly useful. If, however, they represented an adversarial nation, the data could be extremely valuable. This would be bad enough, but the OIG review dived deeper and revealed more issues with the way JPL runs its networks.
"Moreover, system administrators did not consistently update the inventory system when they added devices to the network. Specifically, we found that 8 of 11 system administrators responsible for managing the 13 systems in our sample maintain a separate inventory spreadsheet of their systems from which they periodically update the information manually in the ITSDB," the report said.
"One system administrator told us he does not regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work and he later forgets to enter the asset information. Consequently, assets can be added to the network without being properly identified and vetted by security officials. The April 2018 cyberattack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorized to be attached to the JPL network. The device should not have been permitted on the JPL network without the JPL [Office of the Chief Information Officer]'s review and approval."
Read more -here-