In a stunning revelation by NASA's Office of Inspector General (OIG) on Sunday, it has been revealed that an unsecured and unauthorized Raspberry Pi device, worth 25 US dollars had hacked into NASA’s Jet Propulsion Laboratory (JPL) in April 2018.
Sharing results of the investigation done by the audit team, the OIG has said in its report that while JPL has experienced many cybersecurity incidents, in last Aril 2018 an external user had stolen approximately 500 megabytes of data from one of NASA's major mission systems.
"JPL has experienced several notable cybersecurity incidents that have compromised major segments of its IT network” in the last decade, and more recently in April 2018, JPL discovered an account belonging to an external user had been compromised and used to steal approximately 500 megabytes of data from one of its major mission systems,” stated the report.
Detailing the April 2018 breach, the OIG's review report states that the hack was carried out by targeting an unauthorized Raspberry Pi attached to the JPL network. The hackers used this to their advantage and exploited the Pi to gain access to the network, compromised JPL systems as well as the Deep Space Network (DSN).
As a result of the breach, the review report states that the vulnerabilities of the JPL network have been revealed.
"JPL uses its Information Technology Security Database (ITSDB) to track and manage physical assets and applications on its network; however, we found the database inventory incomplete and inaccurate, placing at risk JPL’s ability to effectively monitor, report, and respond to security incidents."
The report has also stated that reduced visibility into devices connected to its networks has enabled the hackers were able to move freely between the different systems within the network.