NASA's famous Jet Propulsion Laboratory (JPL) might have been able to land more remote-controlled robots on Mars – but when it comes to its cyber security track record, things look much less rosy.
According to a new 82-page survey by NASA's inspector's office, the JPL team's cyber security systems are plagued by errors. In fact, the report describes an event in which 23 files of mission-critical data were stolen by hackers – the culprit: a Raspberry Pi nano computer "that was not authorized to join the JPL network." The attack went unnoticed for ten full months.
The Raspberry Pi was not monitored by IT security personnel before being connected. The report points out that JPL administrators have not added new devices, including Raspberry Pi, to official listings.
The device was later cut off from JPL's network, but not before the hackers could move sideways across the network
Even worse, a separate software vulnerability, allows "cyber attackers to remotely perform malicious code, encrypt data on a targeted system, and require payments to unlock the data "- and it was not fully addressed. 1
More about cybersecurity: 19659010] Hackers threaten constituency worldwide