NASA Jet Propulsion Laboratory network was hacked by targeting a Raspberry Pi that wasn't supposed to be connected to it
- An Office of the Inspector General report says that a hacker accessed the network of NASA's Jet Propulsion Laboratory in Pasadena, CA in April 2018 by targeting an unauthorized Raspberry Pi, a small computer that is often used to make DIY projects.
- The report said that this reveals a weakness in the lab's cybersecurity, as devices can be added to the network without being properly vetted.
- During the April 2018 attack, the hacker stole 500 megabytes of data, including data about a Mars mission.
- Visit Business Insider's homepage for more stories.
A hacker accessed a NASA lab's network in April 2018, by targeting an unauthorized Raspberry Pi, a pocket-sized computer that connects to the Internet.
During the April 2018 attack, the hacker stole about 500 megabytes of data from 23 files, two of which contained information related to a Mars mission. The hacker used an external user account and moved undetected within JPL's network for about 1o months, according to a June Office of the Inspector General report about cybersecurity at NASA's Jet Propulsion Laboratory (JPL) in Pasadena, CA.
During this time, the hacker was able to poke for weaknesses, such as the Raspberry Pi. According to the report, this Raspberry Pi computer was not authorized, but it had been attached to the lab's network. In turn, the hacker was able to access this network by targeting the Raspberry Pi.
This shows a major weakness, the report says, as that devices can be added to the network without being identified and vetted by security officials. This device should not have been allowed on the network without approval.
The report also found that system administrators did not consistently update the inventory system when devices are added to the network. They have to update this inventory spreadsheet manually, and may not do so if the database isn't working or if system administrators forget to do so.
This opens the possibility of unauthorized devices being added onto the network.
The Raspberry Pi is often used as a tool for beginners to learn to code. This computer can be used to build DIY projects. Some projects that have been built with a Raspberry Pi include phone-activated coffee machines, arcade games, and dog treat dispensers.