I saw this over at PCMag, and I couldn’t believe my eyes. Here we all are being thrilled by the pictures from Mars (yes, very expensive pictures) and what do I see?
"MarsCuriosity: Anyone in Madrid, Spain or Canbarra who can help isolate the huge control signal used for the Mars Odyssey / Curiosity system please? The cypher and hopping is a standard mode, just need base frequency and recordings/feed of the huge signal going out. (yes we can spoof it both directions!)" – “MarsCuriosity”
This appeared on the “AnonOps” IRC according to the security firm “Flashpoint” which monitors the hacker channels. This person hasn’t received any public answers yet, however and this ‘handle’ isn’t a known one.
This might or might not be a true effort, and might or might not be a real objective of the Anonymous collective. It could be a trap being set for them, but according to Flashpoint this shows more than a casual knowledge of how communications with “Curiosity” work. That in itself is disturbing.
What I find more disturbing is that these people might actually be thinking about something like that.
It engendered an article in PCMag “How to Hack NASA’s Curiosity Rover”, here.
You really can’t hack it across the interplanetary distances. Probably, you’d have to hack into NASA’s mainframe. That, unfortunately is the easiest part. The Government is notoriously poor in cyber security.
There are some things militating against such an effort: Resources. You’d pretty much have to be a nation state to devote such resources. This isn’t a little SQL injection. You’d have to be intercepting, translating and predicting NASA’s communications and Curiosity’s responses. That means you’d have to know that language, and what NASA’s schedule is, because these communications are queued up for hours. So, you’d have to be able to spoof the communications (which are highly directional) also.
The security on the rover is awesome. It’s software is updated realtime by the engineers at NASA and trying to sneak malicious code by them? I think is a bit out of the “Anonymous” league. It isn’t out of the league for a certain nation state which has hacked our satellites in the past.
Just a bit of human error:
Earlier this year, NASA Inspector General Paul Martin briefed Congress on the "the loss or theft of 48 Agency mobile computing devices" between April 2009 and April 2011 and "5,408 computer security incidents [in 2010 and 2011] that resulted in the installation of malicious software on or unauthorized access to [NASA] systems." - http://www.pcmag.com/article2/0,2817,2401020,00.asp
makes all this not totally unreasonable.
Imagine what Damon Poeter over at PCMag did (with the help of some pretty savvy guys).
"Imagine if hackers were able to get access to the systems operating NASA's Deep Space Network—the one that is responsible for radio communications with the rover and other interplanetary objects.” - http://www.pcmag.com/article2/0,2817,2408295,00.asp
So… I hope the folks at NASA and JPL have changed passwords (or whatever they use). “Curiosity” might (and probably will) discover some really incredible stuff out there. I really don’t want anything bad to happen to the “Johnny 5”-mobile.