Wednesday, January 19

The Ingenuity drone becomes the farthest “hackable” device we know of: this is why

Ingenutiy breaks a record, and much to his regret in this case: he has become the furthest “hackable” device from Earth. Although throughout its short but successful life, the small helicopter has already exceeded the most optimistic expectations with which it launched towards Mars, the discovery of Log4Shell just a few days ago places it, in theory of course, as the device with a more distant detected and documented vulnerability that we know of.

When in July 2020 NASA technicians launched the small drone as part of the Mars 2020 mission, fingers crossed that it completed half a dozen flights. Today, almost a year and a half after that operation, he is on his way to his twenties.. The last one, number 17, he starred in just a few weeks ago, on December 5, and according to the latest data released by the agency, it was completed successfully. So much so, in fact, that a new flight record was set during the mission – more than half an hour – and NASA is already talking about planning mission number 18.

His last operation, yes, was something different from the previous ones.

A success, but with nuances

Telemetry data shows that the flight was successful, but during the descent maneuver the communication of the Ingenuity and the Perseverance rover was interrupted. The reason? Days ago NASA pointed to “a difficult radio configuration during landing” and pointed out several factors that could affect the link between the two vehicles, such as the influence of the terrain or the orientation of the Perseverance rover itself, which could have complicated communications.

Here on Earth, the news about the little Ingenuity affair practically overlapped with another of equal importance: the discovery of Log4Shell, a critical vulnerability that affects Log4I, a library developed by Apache and that plays a key part in thousands of websites. , online services and connected devices. It was so serious that, from LunaSec, there was talk of “a design flaw of catastrophic proportions”. As they point out in Genbeta, the coincidence between one event and the other, the loss of signal from Ingenuity and the failure of Log4Shell, was the result of simple chance. The million dollar question is: Were those who associated them wrong?

At the very least they weren’t entirely wrong. Not because the vulnerability had affected the mission of the Martian helicopter, but because everything indicates that, indeed, Ingenuity could be the furthest “hackable” device from Earth, even more than the ISS.

Along with Linux and other open sources components, andNASA’s drone has Apache Log4J installed. The data was revealed by the Apache Foundation itself via Twitter. An updated version is already available that allows patching security holes linked to Log4Shell, but it will not be easy for Ingenuty to benefit from it: updating the software of a device without physically accessing it is a very complex operation and any error could leave him intulized.

Does that mean the Martian drone is exposed? Theoretically, it assumes that Ingenuity becomes the farthest “hackable” device that we know of, but the chances that it could be compromised are downright remote. Whoever wanted to attack the device would need to connect to it and run a script, an impossible task without being part of NASA.

Via Genbeta