Raspberry Pi Used to Steal 500MB of Data via NASA’s JPL
Ron Perillo / 4 weeks ago
Hackers Connected Raspberry Pi to JPL Networks
The Raspberry Pi is a versatile little tool that is quite the darling of the DIY community. Mostly due to its low-cost and functionality. While many hobbyists use it for homemade projects, there are also others who use it for nefarious means. That is exactly the case when the compact $35 board was used to break into NASA‘s Jet Propulsion Labs (JPL).
Information comes from a review published by the U.S. Office of the Inspector General (OIG). Apparently, hackers were able to access JPL’s system by targeting an unauthorized Raspberry Pi. This has been left connected to the lab’s network.
This occurred back in April last year and the attackers were also able to access NASA’s Deep Space Network (DSN). The DSN contains NASA’s plans for future interplanetary missions and infrastructure information. The attackers were able to download approximately 500MB of data during the attack.
What is NASA Doing to Prevent Future Attacks?
With several countries and agencies racing to reach Mars, we can undoubtedly expect more of these kinds of breaches occurring.
Poor regulation is to blame for the recent attack, as the Raspberry Pi should not have been able to access the network. Especially since it is not documented in JPL’s security database. In response to the vulnerability, the Johnson Space Center’s network is now separate from JPL. Thus preventing attackers from bouncing network to network in the future.
This is of course, is not the first time in recent memory that the agency had a breach. Back in October, an attack hit databases containing personnel information of current and former employees. NASA notes that mission information was not part of the breach during that period.
NASA is also not the only US agency that needs to review their cybersecurity measures. Last year, auditors found the security measures of the Pentagon’s ballistic missile system to be severely lacking. In fact, three of the five systems did not even use multi-factor authentication. Requiring only passwords and key cards for entry. Thus, providing opportunity for easy exploits to gain access.