NASA Jet Propulsion Laboratory network was hacked by targeting a Raspberry Pi that wasn't supposed to be connected to it

Flickr/abuakelRaspberry Pi

A hacker accessed a NASA lab’s network in April 2018, by targeting an unauthorised Raspberry Pi, a pocket-sized computer that connects to the Internet.

During the April 2018 attack, the hacker stole about 500 megabytes of data from 23 files, two of which contained information related to a Mars mission. The hacker used an external user account and moved undetected within JPL’s network for about 1o months, according to a June Office of the Inspector General report about cybersecurity at NASA’s Jet Propulsion Laboratory (JPL) in Pasadena, CA.

During this time, the hacker was able to poke for weaknesses, such as the Raspberry Pi. According to the report, this Raspberry Pi computer was not authorised, but it had been attached to the lab’s network. In turn, the hacker was able to access this network by targeting the Raspberry Pi.

This shows a major weakness, the report says, as that devices can be added to the network without being identified and vetted by security officials. This device should not have been allowed on the network without approval.

The report also found that system administrators did not consistently update the inventory system when devices are added to the network. They have to update this inventory spreadsheet manually, and may not do so if the database isn’t working or if system administrators forget to do so.

This opens the possibility of unauthorised devices being added onto the network.

The Raspberry Pi is often used as a tool for beginners to learn to code. This computer can be used to build DIY projects. Some projects that have been built with a Raspberry Pi include phone-activated coffee machines, arcade games, and dog treat dispensers.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.