NASA Hack Used a Raspberry Pi

NASA hacked by raspberry

Images Shutterstock

Johnson resumed using limited spacecraft data in March, almost a year after the hack was discovered.

NASA has revealed that hackers were able to illegally access and steal data from its various mission systems using a cheap computer device known as the Raspberry Pi. Following the incident, the space agency noted that it is already taking the necessary steps to implement tighter security to protect its systems and networks.

Although the Pi had been attached to the network by the employee, lax controls over logging meant Nasa administrators did not know it was present, said the report.

Raspberry Pis are popular because they offer a deceptively capable platform in an itty-bitty form factor that's ideal for tinkering.

The hacker used a Raspberry Pi to access the system and exploit the security flaws within the network in order to successfully pull off the hack.

The audit report really helpful that NASA does a greater job of monitoring its network and tighten up its hack attack policies.

However, report labels the ITSDB as "inaccurate" and "incomplete", saying that it makes JPL more prone to security related incidents. "This shortcoming enabled an attacker to gain unauthorized access to JPL's mission network through a compromised external user system", reports OIG.

Last year, NASA reported a major cyber-attack.

The report mentioned that one system administrator confessed: "He does not regularly enter new devices into the ITSDB as required because the database's updating function sometimes does not work and he later forgets to enter the asset information".

The audit course revealed a number of other devices on the JPL network that system directors didn't find out about.

The Star-News says hackers also broke into JPL in 2009, 2011, 2014, 2016 and 2017. As a result, the security teams of some sensitive programs, such as the Orion Multi-Purpose Crew Vehicle and the International Space Station, have chosen to disconnect from the agency's network.

As soon as the attacker had received access, they then moved across the internal network by taking advantage of weak internal security controls that ought to have made it impossible to leap between different departmental techniques.

Did you enjoy reading this article?

Latest News