Unauthorised Raspberry Pi device blamed for hack at NASA’s Jet Propulsion Laboratory (JPL)
A hack at NASA’s Jet Propulsion Laboratory (JPL) has been blamed on an unsecure and unauthorised Raspberry Pi device.
In a report, the NASA’s Office of Inspector General, noted a previous security breach in 2011 at JPL that resulted in the theft of 87GB of data.
But in April 2018 “JPL discovered an account belonging to an external user had been compromised and used to steal approximately 500 megabytes of data from one of its major mission systems.”
An investigation apparently revealed “multiple IT security control weaknesses” that reduced “JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals.”
Among a number of security flaws at JPL, including inadequate security controls, and a lack of admin visibility into network access, the investigators found that an unauthorised micro computer allowed hackers to gain access to steal the mission data.
“The April 2018 cyberattack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorised to be attached to the JPL network,” the report stated.
The highly detailed report did not reveal how the Raspberry Pi computer came to be attached to the JPL network, or indeed which staffer or contractor was responsible.
JPL was founded back in the 1930s and is owned by NASA and managed by the nearby California Institute of Technology (Caltech) for NASA.
Its goal is the construction and operation of spacecraft to explore other planets. It is also responsible for operating NASA’s Deep Space Network.