Could You Hack Into Mars Curiosity Rover?
MrSeb writes "NASA's Curiosity rover has now been on the surface of Mars for just over a week. It hasn't moved an inch after landing, instead focusing on orienting itself (and NASA's scientists) by taking instrument readings and snapping images of its surroundings. The first beautiful full-color images of Gale Crater are starting to trickle in, and NASA has already picked out some interesting rock formations that it will investigate further in the next few days. Over the weekend and continuing throughout today, however, Curiosity is attempting something very risky indeed: A firmware upgrade. This got me thinking: If NASA can transmit new software to a Mars rover that's hundreds of millions of miles away... why can't a hacker do the same thing? In short, there's no reason a hacker couldn't take control of Curiosity, or lock NASA out. All you would need is your own massive 230-foot dish antenna and a 400-kilowatt transmitter — or, perhaps more realistically, you could hack into NASA's computer systems, which is exactly what Chinese hackers did 13 times in 2011."
Wikipedia has something to say about this thread (Score:5, Interesting)
http://en.wikipedia.org/wiki/Wikipedia:Don't_stuff_beans_up_your_nose [wikipedia.org]
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
Actually I think every /. reader already thought about the ideas of the summary, at least I did. Briefly, then thinking "it's probably encrypted" and not bothering further.
I would find it a huge shame if someone managed to ruin this project, by the way, and that person will be quite universally disliked...
Re:Wikipedia has something to say about this threa (Score:4, Insightful)
If Iran/China/etc did it, they'd be disliked, but by no means universally.
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
All I can say is: Stop Watching FOX News.
China, Iran and some other countries are only your enemy because you yourselves declared them the enemy. They have no interest to sabotage a peaceful scientific mission.
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
What gets into the real reason nobody did it yet (and NASA didn't protect against it). What gain can there be in hacking Curiosity?
It will certainly expose your high profile hackers (that could be stealing rocket technology instead) and instantly turn the entire world against you. As a reward you'll get a low capacity computer 14 light minutes away, and some sensors that will be more useful to you in the hands they are now.
You'll also get some news exposition, of course. But if you are willing to turn the entire world against you, there are plenty of easier ways that'll get way more exposition.
Re:Wikipedia has something to say about this threa (Score:4, Funny)
Re:Wikipedia has something to say about this threa (Score:4, Funny)
It was running android, but all the crapware couldn't be uninstalled and it was hard to see much with the ad banners on the top and bottom of each camera shot. Not to mention, battery life is important on Mars! :)
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
"Mommy and Daddy didn't love me, so fuck everyone!"
Re: (Score:3)
There are plenty of deeply flawed people out there who would break it just to break something that was important, damn the consequences.
"Mommy and Daddy didn't love me, so fuck everyone!"
Yes, we call them politicians.
Re: (Score:3)
Giving my mod points away just to respond to this.
Where exactly were you on 9/11/2001 ?
Re: (Score:3)
And for the exact same reason, it might be profitable for Russia or China or somebody to brick the rover. To break something important to us. Not PURELY to break something important, just "mwahahaha we destroyed the US's rover, they're going to cry!" but rather to see that US advancement is slowed so their countries can catch up.
Re:Wikipedia has something to say about this threa (Score:4, Insightful)
when did you see someone break something important just for the sake of it?
You're going to have to define "important" and "for the sake of it". I'm no cynic but still for any reasonable definition of those two terms I find it hard to believe you are that sheltered and naive. All I can say is, I'm envious of someone who has never had to deal with troubled, hateful, antisocial, misanthropist and/or disenfranchised people ever in their life, because the world has more than its fair share.
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
What has this ever stopped hackers? They don't need gains they just want the lulz.
Re:Wikipedia has something to say about this threa (Score:4, Insightful)
Sorry - script kiddies want lulz - hackers do it because it is there, or for the money.
Re: (Score:3)
Re: (Score:3, Informative)
Again, hackers would do it because it is there,
also note that what you are referring to, "Hacker Emblem" http://en.wikipedia.org/wiki/Hacker_Emblem [wikipedia.org], has little to do with computer hacking
Re: (Score:3)
hacking is a bitch with 7 min lag plus you'd have to pwn mars communications undetected. Gl noobs
Re: (Score:3)
Has Slashdot really devolved to the point where nobody even bothers correcting misuse of the word "hacker" anymore?
While I might love hacking a mars rover. That has no relation to breaking anyone's security.
Re:Wikipedia has something to say about this threa (Score:4, Insightful)
This is along the lines of some small business saying "Why would someone want to hack my useless forum?" and then a week later it's full of malware and porn ads.
There's a huge amount of money in this project. It would be a huge risk to leave it wide open on the pretense that no one wants to, simply because you believe that you have both imagined every possible scenario and also believe the potential hacker will come to the same "not worth it" conclusion you did in each scenario. Those are two very big assumptions.
Re: (Score:3, Insightful)
What gets into the real reason nobody did it yet (and NASA didn't protect against it).
Who's to say nobody did it? There are many probes that NASA have lost contact with, and can only speculate at causes. I would think that some of the older models didn't have all that high security, both because they were launched before the time of BBSes and network break-ins becoming common enough that every engineer would think about it, but also because the locks back then weren't like they are now.
People will steal anything. Value? Meaningless. (Score:3, Interesting)
A buddy of mine had a type of shoe he loved to wear. He would wear them all the way out before getting another pair. He had actually worn a hole through the bottom of one pair and was on his way to the mall and decided to stop at the Winnipeg library first; which was on his way and right across the street from the mall. He'd been up all night gambling at backgammon (that was his job, no shit... that and poker and various Chinese games like pi gaou, sap sam jung, etc... he was a gambler). He picked up a book
Re:Wikipedia has something to say about this threa (Score:5, Insightful)
Re:Wikipedia has something to say about this threa (Score:5, Funny)
Re:If it's not on the screen it never happened!! (Score:4, Informative)
The human mind is very, incredibly, unbelievably good at finding correlations and explanations for things. In schizophrenics, the part that rejects 99.99% of "proposed" correlations and explanations as bullshit is broken.
Re: (Score:3, Funny)
http://en.wikipedia.org/wiki/Wikipedia:Don't_stuff_beans_up_your_nose [wikipedia.org]
You sir, are a hero.
Hops onboard Opportunity (Score:2)
"Follow that rover" It would be like a steamroller race.
This is a great way... (Score:3)
This is a great way to paint a Bull's Eye on your back while every other geek on the planet gets some type of firearm ready.
Re: (Score:2)
Re:This is a great way... (Score:5, Informative)
Re: (Score:2)
PS "bounce off of" what the fuck sort of English is that? "bounce off" is quite sufficient.
Re:This is a great way... (Score:5, Funny)
You're all wrong. It's "Bull sigh" because that's the sound a bull makes when you get pedantic on the internet.
DSN on the Internet ? (Score:5, Informative)
Surely the OP doesn't think the DSN is on the Internet ? It sure wasn't when I worked with it, and that was at a time when that sort of protection might have seemed paranoid.
Re: (Score:2)
Having said that though, nuclear power plant, on the internet, whaat..
Re:DSN on the Internet ? (Score:5, Insightful)
Our centrifuge controllers aren't on the internet, they couldn't possibly be affected by an e-mail worm.
--Iran
Re: (Score:2)
Sure you don't think that's relevant? If you've got your own transmitter, you are talking directly to it.
Re: (Score:2)
You'd still need about a thousand other ducks to line up in a row, just in order to get a command line prompt. I mean, you'd need to know what port they were using, what communications protocol, plus, where to point the damn antenna!
Re: (Score:2)
The internet doesn't have anything to do with it. If you had a big enough radio transceiver, all the codes and passwords and protocols and probably a few other things, you could hack into it.
It's not likely to happen, I agree.
Re: (Score:2)
Surely the OP doesn't think the DSN is on the Internet ?
What about the PCs controlling Curiosity? Having a back-door on a desktop is lots easier than building your own antenna.
Re: (Score:3)
You kid yourself.
There are so many 'safe' networks which are Internet attached: power plants, -nuclear- power plants, top secret military data, and so on. If it's on the Internet, or even on a network, it can be hacked.
The question, in this case, would be "why would I want to?" aside from someone from Anonymous having the rover beam back something immature, like a green penis picture, what's the appeal?
Governments typically want to steal the results of other governments' scientific efforts, not do the work
Re: (Score:3)
Re:DSN on the Internet ? (Score:5, Funny)
Why Bother with Curiosity? (Score:5, Insightful)
No worries (Score:5, Funny)
Hackers hate challenges.
Re:No worries (Score:5, Funny)
Besides, the Motto is "Hack the Planet", so this would be clearly outside the scope.
Re: (Score:3)
But it doesn't say which planet.
stupid article is extremely stupid (Score:5, Informative)
yeah, if you could build 1:1 replica of nasa's antenna and control operation, including encoding and possible crypt, you could hack into curiosity.
and yeah, if you could enter nasa's facilities to upload the data from there you could hack into curiosity.
somehow you should maybe be more worried about hacking into nuclear subs since the methods would essentially be the same.. and pretty much "just as easy"(I would expect curiosity control channel to have some signing system for the code it accepts..).
Re: (Score:3)
Heh, which way do I point the antenna again?
Re:stupid article is extremely stupid (Score:4, Interesting)
Heh, which way do I point the antenna again?
bingo. security through obscurity. They might even have the tx/rx totally unencrypted with no credential challenge. Because you won't even know where or when to point your massively huge antenna you don't have.
Re: (Score:3)
Just a wild guess, but I'd say, point it at mars.... It's not that hard to find.
Re: (Score:2)
You forgot the "Dear Mr. Kotter" part.
Secret Questions (Score:5, Funny)
Does anyone know A)where Curiosity was born B)Curiosity's childhood pet C)Curiosity's mother's maiden name?
Re:Secret Questions (Score:5, Funny)
a) Pasadena
b) Neil Armstrong
c) Apollo
Re: (Score:3)
Does anyone know A)where Curiosity was born B)Curiosity's childhood pet C)Curiosity's mother's maiden name?
A) JPL Spacecraft Assembly Facility, Pasadena
B) Childhood pet: (@jpltweetup) [1x57.com]
C) Mother's maiden name: Ma [nasa.gov]
Once Again (Score:2)
People are assuming that NASA folks didn't think of this. If I had to guess, I'd say they're doing some sort of code signing. Nation-states are obviously on a different playing field but I'm not too worried about average people.
Also, I stopped reading the article as soon as I saw the still for Hackers: The Movie at the top. Let's hope they don't hack NASA's Gibson and give it a Pac-Man virus!
Possible answer (Score:3)
Perhaps the piece of code responsible for replacing the firmware is heavily reviewed by a group of smart mathematicians.
Security protocols requiring multiple round-trips are probably not used extensively, but perhaps they are used for setting up a session efficiently.
Possibly the thing uses one-time passwords to control access.
Etc. etc.
Re: (Score:3)
Why use public key? They launched the thing. They can use a strong symmetric key algorithm.
Oh yeah... (Score:2, Insightful)
...no problem... I am -so- sure they didn't secure the thing with a passcode or some other sort of sophisticated two-factor method to prevent unauthorized access. Special channels set up only for certain kinds of communication, byte-code written specifically to talk to other highly specialized machinery running custom software... I mean, it's not like they are rocket scientists....oh...wait...
No. (Score:2)
I couldn't. Someone else might be able to though...
So are the Curiosity updates uncertified? (Score:2)
Because if not, even the biggest antenna won't help you hack it.
Security through unplugged cable (Score:3)
I see no reason why the control system of the mars rover should be linked to anything else than the rover itself.
On the other hand, if something goes badly wrong, an insulated system cannot put the blame on damn russian/chinese/iranian hackers, saving ass and injecting FUD for further "regulating" the net, in one swift move.
Therefore I am not amazed anymore to hear the rover is potentially at risk. What the risk is in practice, I dunno: let's face it, the NASA probably uses Logo to drive the rover around and nobody among black hats remembers about Logo :D
The lag would discourage me. (Score:5, Insightful)
It's bad enough when I have a few seconds of internet lag, let alone the amount of time it would take to send instructions to Rover and wait for a return.
plan large pauses before timing out
Would be funny... (Score:5, Funny)
Curiosity no longer responds after firmware update
Using Hubble Telescope the only image they can see on top of the Rover is this image: http://agilemobility.net/wp-content/uploads/2011/04/stuck_on_activate_my_iphone_screen21.jpg [agilemobility.net]
When you put it that way... (Score:5, Funny)
All you would need is your own massive 230-foot dish antenna and a 400-kilowatt transmitter
In that case, yes. Yes, I could.
Re: (Score:2)
All you would need is your own massive 230-foot dish antenna and a 400-kilowatt transmitter
In that case, yes. Yes, I could.
On your way to the Hamfest in Findlay, Ohio, then?
What about receiving? (Score:2)
Proxy (Score:5, Funny)
I've already configured my system to use Curiosity as anonymous proxy. They will never find me.
(obviously this message was posted 14 minutes ago)
Re:Proxy (Score:5, Informative)
Re:Proxy (Score:5, Funny)
Well, he's blown it. Now they know he's on Mars.
Re:Proxy (Score:5, Funny)
So, still no intelligent life. Bummer.
Maybe if you're a turd (Score:2)
I can't even begin to imagine the kind of fuckhead that would want to hack into the rover.
Doing mischief on a corporate network is one thing. I could imagine hosts of reasons for doing so. You might be looking for stuff to sell; or to make a point that lavish CEO salaries and dividends are outrageous; spying for a foreign State; whatever.
Doing mischief on a rover that boasts a round-trip delay measured in minutes is another. You stand to gain absolutely nothing that you won't find on the NASA's web site, sc
If they brick it. . . (Score:2)
Who are they going to send to re-flash it through the JTAG header?
Re: (Score:2)
I can't say I'd have much of a problem if they sent Geek Squad there to do it.
We haven't mastered carbon lifeform longevity for intra-solar transit yet, have we? Good.
stop with the high school journalism headlines (Score:2, Informative)
Ending headlines with question marks screams amateur. Hey editors... why don't you, you know, EDIT ?!
Don't - Just Don't (Score:2)
Boy, that showed 'em! (Score:2)
A hacker would need 4 things:
1. Technical knowledge of the project.
2. Secret codes or even live, dynamic password changes.
3. A way to transmit.
4. Incredible balls because you are looking at decades in prison for destroying billions of dollars of equipment, and you will get caught.
And if you are a state-sponsored terrorist, you can expect to get caught and your bosses can expect a bombing run or three.
Public Key cryptography (Score:2)
Most hacks would be stopped by public key cryptography, just sign the code with a secret key known only to a scientist (use a split key so it takes more than one person to sign a file), and then it's impossible to corrupt the image after it's been signed, and impossible to upload your own image even if you have your own transmitter (or can take over NASA's transmitter).
Of course, if your hackers break into the computers used to compile the new firmware image, then they can have all sorts of back doors that
Re:Public Key cryptography (Score:5, Insightful)
Is there some benefit to pubkey over simpler symmetric encryption systems, given that NASA was in a position to do a secure key exchange before the rover left?
Re: (Score:3)
Is there some benefit to pubkey over simpler symmetric encryption systems, given that NASA was in a position to do a secure key exchange before the rover left?
With public key cryptography, you only need to keep the private key safe - the secret key never needs to leave the room in which it's generated and only the public key needs to leave the room. They can give the public key to anyone to load in the rover and load it months in advance, and even if someone can extract the public key from the rover's key store, it doesn't matter.
Additionally, If the private key is believed to be compromised, they can securely replace the public key on the rover key in-transit (
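The public-key versus symmetric-key question from the comments above, as an added example that is not part of any poster's comment and does not reflect how Curiosity actually authenticates uploads. It assumes constructed image bytes and uses a Lamport one-time signature over SHA-256 as a stand-in for a real public-key scheme, because the Python standard library ships no public-key signatures; all function names are illustrative.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Symmetric option: ground station and rover hold the same key. ---
def mac_tag(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha512).digest()

def mac_verify(key: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, image), tag)

# --- Public-key option: Lamport one-time signature (stand-in scheme). ---
def lamport_keygen():
    # Private key: 256 pairs of random secrets. Public key: their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _digest_bits(image: bytes):
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, image: bytes):
    # Reveal one secret per digest bit. A key pair must sign only ONE image.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(image))]

def lamport_verify(pk, image: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(image)):
        ok &= hmac.compare_digest(H(sig[i]), pk[i][bit])
    return ok

def compare_key_store_exposure():
    """What a copy of the rover-side key material is worth in each design."""
    genuine = b"constructed firmware image, build 2"   # constructed sample
    altered = b"constructed firmware image, altered"   # constructed sample

    # Symmetric: the verification key IS the signing key, so a copy of the
    # rover's key store produces tags the rover accepts for any image.
    shared_key = secrets.token_bytes(32)
    tag_from_copied_key = mac_tag(shared_key, altered)
    mac_accepts_altered = mac_verify(shared_key, altered, tag_from_copied_key)

    # Public key: the rover stores only pk. Holding pk plus one valid
    # signature does not yield a signature for a different image.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, genuine)
    return {
        "mac_accepts_altered": mac_accepts_altered,
        "sig_accepts_genuine": lamport_verify(pk, genuine, sig),
        "sig_accepts_altered": lamport_verify(pk, altered, sig),
    }

if __name__ == "__main__":
    print(compare_key_store_exposure())
```

A production design would use an established signature scheme with a hardware-protected private key; the Lamport keys here are valid for a single image each.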
Re:dd (Score:5, Informative)
The mars orbiters are already basically space wireless routers. If MRO weren't so broken, they'd have a high bandwidth relay link to earth through it.
The short range link between the lander and the orbiters is Proximity-1 http://en.wikipedia.org/wiki/Proximity-1_Space_Link_Protocol [wikipedia.org]
Re:dd (Score:5, Funny)
Good thing they're not provisioned by AT&T or Comcast, otherwise NASA would have to contend with artificial bandwidth caps. ;)
Re: (Score:2)
The mars orbiters are already basically space wireless routers.
They are wireless routers...with cameras, spectrometers, radars, and frigging' rocket engines! Too bad you can't buy one of these at your local computer store.
Re:dd (Score:4, Insightful)
Since you seem to know things, I'll ask here. Why are they using a dish antenna to communicate with the rover? Would it be more effective to use lasers? Or is the precision needed to hit a reasonable size target at those distances just too much?
Re:dd (Score:4, Informative)
Two reasons:
1 - the bands they're using aren't stopped by clouds. lasers (as in light) are.
2 - A 50-kW laser shooting a drone out of the sky:
http://www.youtube.com/watch?v=2hs9vmlEd-A [youtube.com]
Re: (Score:3)
A little of my own googling turned up some answers. They were actually going to try laser communications with Mars with the Mars Telecommunications Orbiter [wikipedia.org] in 2009. Unfortunately, it was cancelled because of budget restrictions.
Re: (Score:2)
That looks like a Layer1/Layer2 protocol, it won't get you very far without the rest of the stack.
Re: (Score:2)
Re:dd (Score:5, Interesting)
This "firmware upgrade" really isn't that big of a deal. Obviously NASA doesn't want to screw it up but they do have experience in the past. One of the first upgrades they did was in the early 90s when they reprogrammed the Voyager 2 spacecraft to take photos of poorly-lit Uranus.
That craft had never been designed to last beyond Saturn, so they had to do some new ideas like leaving the camera shutter open for several minutes AND rotating the spacecraft at the same time to avoid image blur. They also upgraded the resolution & introduced image compression so they could store all the photos during the rapid flyby.
Plus wait a full workday (9 hours) to get a response from Voyager that said "success" or "fail" on the updates. This rover upgrade is likely easy in comparison.
Re:dd (Score:5, Funny)
.. they reprogrammed the Voyager 2 spacecraft to take photos of poorly-lit Uranus.
Couldn't they have just turned on the lights in the bathroom?
(Face it, you knew an ass joke was imminent.)
Re: (Score:2)
CRC can be cracked on the fly, MD5 in a few hours. Use something like SHA-512 if you just want a checksum, or sign it using a private key kept on removable media in a restricted-access safe if you want to be able to possibly run other code in the future.
Re:Really? (Score:4, Funny)
Re: (Score:3)
Re:Really? (Score:5, Funny)
Re:Really? (Score:5, Funny)
The password is hunter2
You need to use the /cleartext command. All I see is *******.
Re: (Score:2)
Some or all of the FBI, CIA, or Seal Team 6 pay the hacker a little "visit" to have a "chat" with them. With extreme prejudice.
Re:The Real Question: (Score:5, Informative)
Due to Curiosity's nature, the onboard electronic systems need to be radiation-hardened. Not just "tin-foil cover" hardened. I'm talking engineered from the ground-up to resist data corruption from external radiation sources. This comes at extreme cost, both financially and physically. Every little bit of extra RAM or Flash storage adds weight to the rover unit, and by extent, tons (literally) of extra fuel to carry it that full 225,000,000km. It's not as easy as plugging in a thumb drive or popping an extra disk in there. If it really were, do you think the rocket scientists at NASA would have thought about that before they shot a billion-dollar robot into the sky?
I know you think you're being all geeky and clever, but seriously. If you aspire to second-guess every engineering decision that NASA makes, perhaps you should apply for a management position there.
Re:The Real Question: (Score:4, Interesting)
I think NASA already has enough issues [wikipedia.org] with managers second-guessing the engineers.
Re:The Real Question: (Score:4, Insightful)
Standard operating procedure for space missions.
In the case of Curiosity, it launched in November 2011. They've had months of just sitting around, waiting for it to get into place ... which gives them time to go over the code (which was previously tested before launch), and optimize it.
It's possible that they might make some changes ... eg, send back uncompressed images initially, but then figure out which compression scheme gives them the best compression without introducing problematic noise (and operates within the hardware limits)
Or, you could have a bunch of scientists and programmers twiddle their thumbs for the better part of a year, as they wait for the launch, then wait for it to get into position.
It's typically called "safe mode" (Score:3)
Often there's a separate piece of hardware with an hours-to-days timer that is reset periodically by a heartbeat task in the main control code.
If that timer is ever allowed to expire, it smacks the main control processor over the head, makes it reset everything and then wait for ground commands, in what's called "safe mode". This makes it very unlikely that the probe will go completely out to lunch, short of both the main control processors failing.
At least, that is typically how near-earth science probes
Re:Someone should hack it -- (Score:4, Funny)
But please don't permanently damage it. Just do a few donuts, draw Guy Fawkes in the sand, make the clock flash 12:00, grind some rocks to resemble dog poop, and leave the left blinker on along with some geriatric jokes in the flash memory.