A Rogue Raspberry Pi Let Hackers Into JPL Network (extremetech.com)
In my experience, research labs tend to be creative spaces with a focus on collaboration, and information security is not foremost on people's minds. I guess that will have to change.
There seems to be a fair amount of filler in the report (review access logs, out-of-date inventory, etc.) but these points seem pretty damning.
I bet someone could fire up a SATAN scanning instance with a Mosaic browser and find some open stuff on some of those old and crusty computers. :)
E.g., I can't see your Windows shared folders from the internet, but the PC in the next room can. Someone sneaked an RPi into JPL to be that PC in the next room.
See also: Season 1 of Mr. Robot had this exact scenario as a plot point.
Basically, someone plugged in a computer to the corporate network that happened to be a Raspberry Pi. Might as well have been a Beaglebone, a Banana Pi or an Intel NUC for that matter.
Or one of these things: https://blog.haschek.at/2018/the-curious-case-of-the-RasPi-i...
(Or, if you repent, SANTA.)
https://en.wikipedia.org/wiki/Security_Administrator_Tool_fo...