Posted on 2019/06/23
By Mayukh Saha / Truth Theory
In another bizarre ‘How on earth was it possible?’ news, one of NASA’s labs was hacked last year by a $25 Raspberry Pi Device. This news comes after a survey was taken of the breach and related security issues in NASA.
The Jet Propulsion Laboratory , which is specifically designed to send robots to space was hacked last year. The hacker took 500 MB of important data which was all about the next missions that NASA was involved in. How? Well, they simply used a $25 Raspberry Pi which successfully breached through the paltry security of the place.
Not much of a genius, then?
What is Raspberry Pi?
Well, it is a very popular device that is loaded with several hi-tech capabilities. It is cheap, it can store data up to a huge limit, has a good shelf time, and is easy to use and carry. Probably why most hackers use this instead of other large scale hacking devices, that might get the job done better, but would also require a lot of manpower.
As the reports say, the breach in NASA’s data was examined by the US office of the Inspector General , who then traced it back to an unauthenticated Raspberry Pi device that was connected to one of the laboratory’s network consoles. The device not only stole data, but the hackers also accessed the Deep Space Network, the name popularly given to the giant set of radio telescopes that NASA operates.
Also, being that this is the world’s largest system of scientific telecommunications, this breach in security was seen as worrying, especially because someone got away with a boatload of data on such a cheap device. More so than worrying, it was shameful that an organisation as important as NASA had such faulty networks till 2018.
The review also stated that most of the workers in the labs didn’t update the inventory as they kept on increasing the number of devices to the main network. In fact, one worker admitted that the servers sometimes didn’t work when they were trying to add networks. And later, they simply forgot to assimilate it all.
Further, the network of JPL isn’t isolated or segmented. It is shared with the other sectors. This also enabled the hackers to easily go through multiple networks and in the main server of JPL. This is particularly worrying, for such a poor setup for network security might get potentially dangerous as malicious signals would be sent to jeopardise missions in space.
Also, this hack was successful because security officials never really checked in on which devices were connected and to what. This led to a lack of visibility, which could easily be exploited.
What is perhaps most surprising is that even after the breach was discovered, no steps were taken for 180 days and the matter was unresolved. In this period, third-party servers were allowed to connect to the main system, without much security check.
And that is damning.
Well, hopefully, NASA would learn from its mistakes and upgrade its security protocol to prevent such events from transpiring.
Thanks to: https://truththeory.com