Mars: Ingenuity threatened by the Log4Shell flaw?

Could the NASA helicopter that landed on Mars be hacked? The Apache Foundation tweeted that Ingenuity uses Log4j, the library containing a major security vulnerability. What is the reality?

Is there a security issue on board Ingenuity, NASA's little helicopter currently on the planet Mars? The question has been raised since information emerged suggesting that the device would be vulnerable to the Log4Shell flaw, which has been shaking up the IT world for a week.

Last June, the Apache Foundation published a tweet in which it claimed that Ingenuity works thanks to Apache's Log4j. However, it is precisely in the Log4j library that the Log4Shell flaw is located. It took no more than a loss of transmission with the helicopter during its 17th flight, last December 5, to launch speculation about a possible attack.

Information denied by NASA

Fortunately for NASA, that is not the case. The site Futurism received a formal denial from the space agency. "NASA's Ingenuity helicopter does not run Apache or log4j, and is not vulnerable to the log4j flaw. NASA takes cybersecurity very seriously and for this reason we are not discussing details regarding the cybersecurity of the agency's assets," said a spokesperson. The Apache Foundation has since acknowledged its error and deleted the tweet in question, which was archived by the Wayback Machine.

However, even NASA can sometimes suffer security breaches. In 2018, hackers managed to steal 500 megabytes of data. The culprit then was a Raspberry Pi, a mini-computer that had been plugged into the agency's internal network. The device went undetected because of weaknesses in the system and an outdated database of information on the devices connected to the network.
