There has been a very unique case of hacking that is now in the limelight. We have known that NASA’s Jet Propulsion Laboratory was recently compromised. And it has been revealed that Raspberry Pi was used to do this act of hacking.
There are people who have been saying that you should own Raspberry Pi devices if you are a tech geek. However, this device was used to exploiting and get unauthorized access to NASA’s Jet Propulsion Laboratory which is far from ideal.
In April 2018, the NASA JPL system was hacked and it has now been revealed courtesy of U.S. office of inspector general that Raspberry Pi was used to do it. The report from OIG came on June 18, 2019. In the report, Office of Inspector General said that JPL “has experienced several notable cybersecurity incidents that have compromised major segments of its IT network” and the recent hack was “used to steal approximately 500 megabytes of data from one of its major mission systems.”
However, OIG’s report also reveals that JPL’s security is also questionable. The report says that there are problems in how JPL is managing and monitoring its network. OIG, in its report, reveals that “Moreover, system administrators did not consistently update the inventory system when they added devices to the network.
Specifically, we found that 8 of 11 system administrators responsible for managing the 13 systems in our sample maintain a separate inventory spreadsheet of their systems from which they periodically update the information manually in the ITSDB,”
“One system administrator told us he does not regularly enter new devices into the ITSDB as required because the database’s updating function sometimes does not work and he later forgets to enter the asset information. Consequently, assets can be added to the network without being properly identified and vetted by security officials.
The April 2018 cyber attack exploited this particular weakness when the hacker accessed the JPL network by targeting a Raspberry Pi computer that was not authorized to be attached to the JPL network. The device should not have been permitted on the JPL network without the JPL [Office of the Chief Information Officer]’s review and approval.” reveals the report from OIG.