August 15, 2022

TheCyberThrone

Thinking Security ! Always

NASA Mars Mission Log4j Powered?

Did log4j, the buggy software utility from hell, get NASA’s experimental Mars helicopter hacked? The answer is: according to NASA, it doesn’t even use the doomed tool.

One of two Mars-based vehicles operated by America’s space agency uses log4j. In fact, Apache, the maker of the ubiquitous, vulnerability-ridden tool, apparently tweeted back in June that the space chopper was powered by log4j.

Log4j is a widely used Apache logging program that was recently discovered to be afflicted with serious security vulnerabilities that could easily get you hacked. It has been used by virtually everyone, from coders at Twitter and Apple to those at Amazon and LinkedIn. But not, apparently, the NASA engineers who built Ingenuity.

Ingenuity, which is the first man-made vehicle to fly on an alien planet, was launched last year and landed on Mars in March along with its partner, the Perseverance rover. The automated chopper recently took its 17th flight over the surface of the planet, breaking its previous record by staying aloft for a little over 30 minutes.

The flight was mostly a success, though the vehicle temporarily disappeared from NASA’s view after suffering a minor network issue. “The rotorcraft’s status after the Dec. 5 flight was previously unconfirmed due to an unexpected cutoff to the in-flight data stream as the helicopter descended toward the surface at the conclusion of its flight,” the space agency reported in a recent press release.

Ingenuity’s use of the unfortunate Apache utility, coupled with its recent unexpected data disruption, led some to wonder: Did Apache’s bug get NASA’s space chopper hacked?

“NASA’s Ingenuity helicopter does not run Apache or log4j nor is it susceptible to the log4j vulnerability. NASA takes cybersecurity very seriously and, for this reason, we do not discuss specifics regarding the cybersecurity of agency assets,” the agency said in a statement.

That it was even plausible that Ingenuity could have used log4j speaks more to its ubiquity than it does to some mystical off-world hacking incident. And, while the bug-ridden utility did not, according to NASA, have anything to do with Ingenuity, it’s still a huge problem. As companies throughout the world race to patch their systems, cybercriminals are hot on their heels and are already beginning to cause substantial damage.

Yes, it’s all pretty bad. Only time will tell how big the mess wrought by log4j is, but don’t hold your breath. It’s going to take a while to find out how screwed we all are.