Hacker enters the NASA network using only a 30 euro Raspberry Pi 3
A hacker reached the Jet Propulsion Laboratory of NASA illegally in 2018, targeting a Raspberry Pi for the assault. Last year, the breach was found but the news was only published on June 18 in a document where NASA defines the dynamics of what occurred. An unlawful Raspberry Pi developed a kind of gap that the anonymous attacker used for months to access the network of the laboratory until the vulnerability was found and "corrected."
Raspberry Pi is a micro-computer or rather a $35 logic card that can be used as a desktop computer or media server for do - it-yourself projects, IoT. It can go unnoticed because of its size, and this has permitted those who performed the attack to perpetrate it for a long time. In this scenario, the culprit is not the tiny computer, but the victim: the intruder has acquired access to 23 documents in violation of the computer for about ten months, two of them with sensitive data about March 2020.
According to the Agency report, the hacker obtained about 500 MB of information. The fundamental issue could be much deeper than a straightforward software bug: the Raspberry Pi used by NASA did not get permission to access the network and stayed there for months, managing hundreds of MB of files before being found, all within one of America's most delicate organisations. In other words, the organization is a significant failure with regard to fundamental procedures in safety.
The attack could have had more disastrous outcomes, and it definitely makes the nose turn up a little, which was done through a $35 device, or a little more, that anyone on the market can use or discover. In brief, NASA could have a major safety issue in its infrastructure, and there does not seem to be a sufficiently efficient way to detect unlawful intrusions. Moreover, according to the study, the laboratory network discovered several unknown equipment, although they were not reported to be possibly dangerous.
Investigations into the situation are still underway, particularly for the purpose of finding the event guilty / victim. However, by installing more detection mechanics on the firewalls, the JPL has taken measures to enhance the safety grid, also beginning a search for third-party professionals in the industry to further enhance the laboratory's IT security.