Slashdot Mirror
Could You Hack Into Mars Curiosity Rover?
MrSeb writes "NASA's Curiosity rover has now been on the surface of Mars for just over a week. It hasn't moved an inch after landing, instead focusing on orienting itself (and NASA's scientists) by taking instrument readings and snapping images of its surroundings. The first beautiful full-color images of Gale Crater are starting to trickle in, and NASA has already picked out some interesting rock formations that it will investigate further in the next few days. Over the weekend and continuing throughout today, however, Curiosity is attempting something very risky indeed: A firmware upgrade. This got me thinking: If NASA can transmit new software to a Mars rover that's hundreds of millions of miles away... why can't a hacker do the same thing? In short, there's no reason a hacker couldn't take control of Curiosity, or lock NASA out. All you would need is your own massive 230-foot dish antenna and a 400-kilowatt transmitter — or, perhaps more realistically, you could hack into NASA's computer systems, which is exactly what Chinese hackers did 13 times in 2011."
http://en.wikipedia.org/wiki/Wikipedia:Don't_stuff_beans_up_your_nose
"Follow that rover" It would be like a steamroller race.
“He’s not deformed, he’s just drunk!”
This is a great way to paint a Bull's Eye on your back while every other geek on the planet gets some type of firearm ready.
Surely the OP doesn't think the DSN is on the Internet ? It sure wasn't when I worked with it, and that was at a time when that sort of protection might have seemed paranoid.
We've got plenty of satellites around here that can be updated remotely, and which don't required massive, high-gain antennas to reach.
the growth in cynicism and rebellion has not been without cause
Hackers hate challenges.
What political party do you join when you don't like Bible-thumpers *or* hippies?
yeah, if you could build 1:1 repllica of nasa's antenna and control operation, including encoding and possible crypt, you could hack into curiosity.
and yeah, if you could enter nasa's facilities to upload the data from there you could hack into curiosity.
somehow you should maybe be more worried about hacking into nuclear subs since the methods would essentially be the same.. and pretty much "just as easy"(I would expect curiosity control channel to have some signing system for the code it accepts..).
world was created 5 seconds before this post as it is.
Does anyone know A)where Curiosity was born B)Curiosity's childhood pet C)Curiosity's mother's maiden name?
Perhaps the piece of code responsible for replacing the firmware is heavily reviewed by a group of smart mathematicians.
Security protocols requiring multiple round-trips are probably not used extensively, but perhaps they are used for setting up a session efficiently.
Possibly the thing uses one-time passwords to control access.
Etc. etc.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
I see no reason why the control system of the mars rover should be linked to anything else than the rover itself.
On the other hand, if something go badly wrong, an insulated system cannot put the blame on damn russian/chinese/iranian hackers, saving ass and injecting FUD for further "regulating" the net, in one swift move.
Therefore I am not amazed anymore to hear the rover is potentially at risk. What the risk is in practice, I dunno: let's face it, the NASA probably uses Logo to drive the rover around and nobody among black hats remembers about Logo :D
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
It's bad enough when I have a few seconds of internet lag, let alone the amount of time it would take to send instructions to Rover and wait for a return.
plan large pauses before timing out
A feeling of having made the same mistake before: Deja Foobar
Curiosity no longer responds after firmware update
Using Hubble Telescope the only image they can see on top of the Rover is this image: http://agilemobility.net/wp-content/uploads/2011/04/stuck_on_activate_my_iphone_screen21.jpg
All you would need is your own massive 230-foot dish antenna and a 400-kilowatt transmitter
In that case, yes. Yes, I could.
The mars orbiters are already basically space wireless routers. If MRO weren't so broken, they'd have a high bandwidth relay link to earth through it.
The short range link between the lander and the orbiters is Proximity-1 http://en.wikipedia.org/wiki/Proximity-1_Space_Link_Protocol
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I think it would be more interesting to set up a dish to receive data from curiosity and all the other Mars projects
Warning: The Surgeon General Has Determined that Sigs are Dangerous to Your Health
I've already configured my system to use Curiosity as anonymous proxy. They will never find me.
(obviously this message was posted 14 minutes ago)
Privacy is terrorism.
Good thing they're not provisioned by AT&T or Comcast, otherwise NASA would have to contend with artificial bandwidth caps. ;)
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Silly AC. All you have to do is: ssh root@curiosity.marsrover.jpl.nasa.gov The password is hunter2
I really wanted to change my sig to something witty, but all I could come up with is this.
A hacker would need 4 things:
1. Technical knowledge of the project.
2. Secret codes or even live, dynamic password changes.
3. A way to transmit.
4. Incredible balls because you are looking at decades in prison for destroying billions of dollars of equipment, and you will get caught.
And if you are a state-sponsored terrorist, you can expect to get caught and your bosses can expect a bombing run or three.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Since you seem to know things, I'll ask here. Why are they using a dish antenna to communicate with the rover. Would it be more effective to use lasers? Or is the precision needed to hit a reasonable size target at those distances just too much?
Give me Classic Slashdot or give me death!
Actually I think every /. reader already thought about the ideas of the summary least I did. Briefly, then thinking "it's probably encrypted" and not bothering further.
I would find it a huge shame if someone managed to ruin this project, by the way, and that person will be quite universally disliked...
This "firmware upgrade" really isn't that big of a deal. Obviously NASA doesn't want to screw it up but they do have experience in the past. One of the first upgrades they did was in the early 90s when they reprogrammed the Voyager 2 spacecraft to take photos of poorly-lit Uranus.
That craft had never been designed to last beyond Saturn, so they had to do some new ideas like leaving the camera shutter open for several minutes AND rotating the spacecraft at the same time to avoid image blur. They also upgraded the resolution & introduced image compression so they could store all the photos during the rapid flyby.
Plus wait a full workday (9 hours) to get a response from Voyager that said "success" or "fail" on the updates. This rover upgrade is likely easy in comparson.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
If Iran/China/etc did it, they'd be disliked, but by no means universally.
...I would have one command that couldn't be overridden, which resets the firmware to the known state that the Rover launched with. So even if a well-meaning NASA engineer bricks it, it could be made operational again and re-flashed with corrected firmware.
NASA has some pretty smart folks on staff: I imagine this feature already exists.
Koans and fables for the software engineer
What gets into the real reason nobody did it yet (and NASA didn't protect against it). What gain can there be in hacking Curiosity?
It will ceratainly expose your high profile hackers (that could be stealing rocket technology instead) and instantly turn the entire world against you. As a reward you'll get a low capacity computer 14 light minutes away, and some sensors that will be more usefull to you in the hands they are now.
You'll also get some news exposition, of course. But if you are willing to turn the entire world against you, there are plenty of easier ways that'll get way more exposition.
Rethinking email
Curiosity has 2GB of onboard radiation-hardened Flash storage - not enough to fit both the Flight software and the Rover software at the same time. So they devised a system where they would fly the rover to Mars with the Flight software, and considering they wouldn't be performing a return trip, decided that they could remote-wipe the flight data and install rover software in its place.
Due to Curiosity's nature, the onboard electronic systems need to be radiation-hardened. Not jjust "tin-foil cover" hardened. I'm talking engineered from the ground-up to resist data corruption from external radiation sources. This comes at extreme cost, both financially and physically. Every little bit of extra RAM or Flash storage adds weight to the rover unit, and by extent, tons (literally) of extra fuel to carry it that full 225,000,000km. It's not as easy as plugging in a thumb drive or popping an extra disk in there. If it really were, do you think the rocket scientists at NASA would have thought about that before they shot a billion-dollar robot into the sky?
I know you think you're being all geeky and clever, but seriously. If you aspire to second-guess every engineering decision that NASA makes, perhaps you should apply for a management position there.
They will be fine, as long as the Curiosity Rover has the iPhone IOS!
Two reasons:
1 - the bands they're using aren't stopped by clouds. lasers (as in light) are.
2 - A 50-kW laser shooting a drone out of the sky:
http://www.youtube.com/watch?v=2hs9vmlEd-A
A little of my own googling turned up some answers. They were actually going to try laser communications with Mars with the Mars Telecommunications Orbiter in 2009. Unfortunately, it was cancelled because of budget restrictions.
Give me Classic Slashdot or give me death!
http://en.wikipedia.org/wiki/Wikipedia:Don't_stuff_beans_up_your_nose
You sir, are a hero.
No, the password is "swordfish". The password is always "swordfish".
Be who you are...and be it in style!
Standard operating procedure for space missions.
In the case of Curiosity, it launched in November 2011. They've had month of just sitting around, waiting for it to get into place ... which gives them time to go over the code (which was previously tested before launch), and optimize it.
It's possible that they might make some changes ... eg, send back uncompressed images initially, but then figure out which compression scheme gives them the best compression without introducing problematic noise (and operates within the hardware limits)
Or, you could have a bunch of scientists and programmers twiddle their thumbs for the better part of a year, as they wait for the launch, then wait for it to get into position.
Build it, and they will come^Hplain.
.. they reprogrammed the Voyager 2 spacecraft to take photos of poorly-lit Uranus.
Couldn't they have just turned on the lights in the bathroom?
(Face it, you knew an ass joke was imminent.)
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
Political motivations. Plenty of hackers around the world would love to make the US government look incompetent - destroying a very expensive scientific mission like Curiosity, especially one for which there is such a high level of public awareness, would achieve that aim. No need to even hack it with precision (Amusing as it would be if the next image returned was Goatse), just fill the firmware with garbage and brick it.
-o ConnectTimeout=1860
So... the rover was responsible for the flight systems of its own delivery mechanism?
And this is bad, why? Better to have one very rigorously tested and radiation-hardened system than two separate ones, especially if regardless of where you put the "brain" you need the same back-and-forth connections to sensors, actuators, etc.
Fun Fact: The airplane was invented by a couple of hillbillies, in a bike shed. Education can be overrated.
Hillbillies whose parents at one point were going to send at least one of them to Yale, and who at various times ran their own printing-presses and manufactured their own line of bicycles. Not exactly playin' the washtub bass...
What has this ever stopped hackers? They don't need gains they just want the lulz.
I think NASA has already has enough issues with managers second-guessing the engineers.
Hmm, you must be some sort of imbecile. Hardened ICs have extra circuitry indeed. You add several protection diodes to _every_ _single_ _gate_, the MOS circuit components (gates, lanes, etc) are somewhat different on a hardened IC as well. The I/O gates are redesigned to be a lot more robust to interference, and that takes a lot more silicon space. And you have to use bigger topologies that have far less leakage current and far more passive resistance against state change caused by hard radiation.
Hardened flash has bigger SLC cells than the standard enterprise SLC flash, on top of the usual hardening of the decoders, etc that make up the rest of the flash chip. It is easily 2000x more expensive than the surplus MLC crap you have on your desk, and that's *before* you factor in the costs of actually testing it against hard-radiation sources.
No, NASA engineers are not infallible, and NASA management is really not up to snuff nowadays. But they are much better at it than YOU.
Curiosity has 2GB of onboard radiation-hardened Flash storage - not enough to fit both the Flight software and the Rover software at the same time. So they devised a system where they would fly the rover to Mars with the Flight software, and considering they wouldn't be performing a return trip, decided that they could remote-wipe the flight data and install rover software in its place.
So... the rover was responsible for the flight systems of its own delivery mechanism?
If that's the case (which I cannot confirm nor deny, lacking NASA's rover specs), then it's stupid. Having the inter-planetary firmware update ability as a fallback is a good idea, but making it your default, especially knowing all the shit that could very easily go wrong and turn Curiosity into a multi-billion dollar brick? Stupid.
So in a system where every ounce counts they should have a whole second computer, when there is a plan where they can use just one? Between your opinion and the rocket scientists, I'm siding with the rocket scientists.
Due to Curiosity's nature, the onboard electronic systems need to be radiation-hardened. Not jjust "tin-foil cover" hardened. I'm talking engineered from the ground-up to resist data corruption from external radiation sources.
No shit, thanks Captain Obvious. Hard to recognize you without the mask and cape.
And of course, the people working at NASA are incapable of making mistakes or poor decisions, right?
They have made some pretty huge mistakes. Still, I side with the rocket scientists over obnoxious immature guy on the internet.
This comes at extreme cost, both financially and physically. Every little bit of extra RAM or Flash storage adds weight to the rover unit, and by extent, tons (literally) of extra fuel to carry it that full 225,000,000km.
looks at identical 2GB and 8GB flash drives sitting on desk ...
Citation needed.
I suspect that NASA didn't order the radiation-hardened RAM off of Newegg. They may only manufacture this in 2 GB modules, per spec. Surely the fact that 4 != 1 can get past your wall of smarminess.
It's not as easy as plugging in a thumb drive or popping an extra disk in there. If it really were, do you think the rocket scientists at NASA would have thought about that before they shot a billion-dollar robot into the sky?
"rocket scientist" != infallible, omniscient deity. I know this is probably a tough pill to swallow, but just because someone has a particular title next to their name, does not, in any way, indicate their ability to complete every task sans mistakes and oversights.
But "Rocket scientist" > "obnoxious big mouth on the internet". You still haven't provided any evidence to support your claim that you know more about designing Mars rovers than the team at NASA. You haven't provided any evidence to support your claim that the amount of RAM was chosen in error. You have provided much irrelevant bleating.
I know you think you're being all geeky and clever, but seriously.
Actually, I was making a joke (figured the PS3 reference was a dead giveaway). You know, one of those little sentences or short stories that are made with the intent of causing the audience's corner mouth muscles to pull up slightly, and encourage a repetitive "ha ha" sound to be emitted from the throat?
Of course, you may be one of those poor, sad, creatures who are apparently incapable of anything resembling happiness or humor. If so, please disregard (and get a damn sense of humor)
I thought the PS3 reference was funny. You should have stopped there.
If you aspire to second-guess every engineering decision that NASA makes, per
Is there some benefit to pubkey over simpler symmetric encryption systems, given that NASA was in a position to do a secure key exchange before the rover left?
Lets hope NASA read the research by HDMoore back in 2010, where he identified security mis-configurations with the VxWorks software.
http://www.metasploit.com/modules/auxiliary/admin/vxworks/wdbrpc_memory_dump/
http://www.darkreading.com/vulnerability-management/167901026/security/application-security/226100011/researcher-pinpoints-widespread-common-flaw-among-vxworks-devices.html
Sorry - script kiddies want lulz - hackers do it because it is there, or for the money.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
This is along the lines of some small business saying "Why would someone want to hack my useless forum?" and then a week later it's full of malware and porn ads.
There's a huge amount of money in this project. It would be a huge risk to leave it wide open on the pretense that no one wants to, simply because you believe that you have both imagined every possible scenario and also believe the potential hacker will come to the same "not worth it" conclusion you did in each scenario. Those are two very big assumptions.
There are plenty of deeply flawed people out there who would break it just to break something that was important, damn the consequences.
"Mommy and Daddy didn't love me, so fuck everyone!"
What gets into the real reason nobody did it yet (and NASA didn't protect against it).
Who's to say nobody did it? There are many probes that NASA have lost contact with, and can only speculate at causes. I would think that some of the older models didn't have all that high security, both because they were launched before the time of BBSes and network break-ins becoming common enough that every engineer would think about it, but also because the locks back then weren't like they are now.
The password is hunter2
You need to use the /cleartext command. All I see is *******.
Ceci n'est pas un sig.
Is there some benefit to pubkey over simpler symmetric encryption systems, given that NASA was in a position to do a secure key exchange before the rover left?
With public key cryptography, you only need to keep the private key safe - the secret key never needs to leave the room in which it's generated and only the public key needs to leave the room. They can give the public key to anyone to load in the rover and load it months in advance, and even if someone can extract the public key from the rover's key store, it doesn't matter.
Additionally, If the private key is believed to be compromised, they can securely replace the public key on the rover key in-transit (assuming the attacker hasn't gotten there first) by sending a new firmware image that replaces the compromised key with a new public key. Even if an attacker is watching the stream and sees the new public key getting sent to the lander, he can't use that new public key to launch a new attack, he'd have to gain access to the new secret key.
In contrast, if an attacker compromises the secret key in symmetric key encryption, there's no way to replace it on the rover since the attacker can decrypt anything that's sent to the rover so if they send over a new encryption key, he can see it.
I bricked my routeeeeeeer, but I did not brick curiosity!
Funnyhacks - Wierd, unusual, and fun hacks
True hackers would hijack control and use the laser spectroscope to burn the Hacker Emblem onto a Martian rock.
Ezekiel 23:20
Often there's a separate piece of hardware with an hours-to-days timer that is reset periodically by a heartbeat task in the main control code.
If that timer is ever allowed to expire, it smacks the main control processor over the head, makes it reset everything and then wait for ground commands, in what's called "safe mode". This makes it very unlikely that the probe will go completely out to lunch, short of both the main control processors failing.
At least, that is typically how near-earth science probes work.
To a Lisp hacker, XML is S-expressions in drag.
hacking is a bitch with 7 min lag plus you'd have to pwn mars communications undetected . Gl noobs
---Up Up Down Down Left Right Left Right B A START
It was running android, but all the crapware couldnt be uninstalled and it was hard to see much with the ad banners on the top and bottom of each camera shot. Not to mention, battery life is important on Mars! :)
Again, hackers would do i because it is there,
also note that what you are revering to "Hacker Emblem" http://en.wikipedia.org/wiki/Hacker_Emblem has little to do with computer hacking
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
But please don't permanently damage it. Just do a few donuts, draw Guy Fawkes in the sand, make the clock flash 12:00, grind some rocks to resemble dog poop, and leave the left blinker on along with some geriatric jokes in the flash memory.
Table-ized A.I.
A buddy of mine had a type of shoe he loved to wear. He would wear them all the way out before getting another pair. He had actually worn a hole through the bottom of one pair and was on his way to the mall and decided to stop at the Winnipeg library first; which was on his way and right across the street from the mall. He'd been up all night gambling at bacgammon (that was his job, no shit... that and poker and various Chinese games like pi gaou, sap sam jung, etc... he was a gambler). He picked up a book he wanted to look at, and sat down on a couch and kicked off his shoes for a bit. He knew he was at risk of having an inadvertant nap but figured, what the hell, my shoes are beat to shit, who's going to steal them? He ended up nodding off while reading, woke up and found someone had stolen his beat up to shit shoes with the hole in one. I happened to run into just after it happened and just looked and said, why the fuck are you walking around downtown in your socks? Then he told me the story.
Bottom line: People will steal anything. Even beat up shoes with a hole in them. If someone decides to try to hack curioslity, it doesn't have to be for money. In fact that kind of person might be the more dangerous. They're the ones who will come completely out of left field.
-- I ignore anonymous replies to my comments and postings.
The words you're looking for are "mentally ill," specifically "schizophrenic."
The human mind is very, incredibly, unbelievably good at finding correlations and explanations for things. In schizophrenics, the part that rejects 99.99% of "proposed" correlations and explanations as bullshit is broken.
Oh, come on. Who said anything about breaking it? If you wouldn't jump at the chance to "flip some bits" and scribble your name in the dirt ON MARS, then you can turn in your geek card, sir.
Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7
Has Slashdot really devolved to the point where nobody even bothers correcting misuse of the word "hacker" anymore?
While I might love hacking a mars rover. That has no relation to breaking anyone's security.
Giving my mod points away just to respond to this.
Where exactly were you on 9/11/2001 ?
> when did you see someone break something important just for the sake of it?
There are regular news stories about vandalism, ranging from things like memorials that are important symbolically through to things like railway where vandalism could result in a very dangerous situation.
Haven't you ever seen coverage of riots? Usually any big riot is a mix of looting where the motive is theft and just pure mindless destruction of property (e.g. cars being rolled over or torched)
On an electronic level, there are plenty of DOS and DDOS attacks that are motivated by mischief rather than any other motive.
For a lot of people (maybe all of us to some extent) destroying things can be enjoyable.
All I can say is: Stop Watching FOX News.
China, Iran and some other countries are only your enemy because you yourselves declared them the enemy. They have no interest to sabotage a peaceful scientific mission.
when did you see someone break something important just for the sake of it?
You're going to have to define "important" and "for the sake of it". I'm no cynic but still for any reasonable definition of those two terms I find it hard to believe you are that sheltered and naive. All I can say is, I'm envious of someone who has never had to deal with troubled, hateful, antisocial, misanthropist and/or disenfranchised people ever in their life, because the world has more than it's fair share.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
There are plenty of deeply flawed people out there who would break it just to break something that was important, damn the consequences.
"Mommy and Daddy didn't love me, so fuck everyone!"
Yes, we call them politicians.
Be seeing you...
It may not SOLELY have been to break something important, but it was directly to break something important, so as to cause the consequences of having lost something important.
And for the exact same reason, it might be profitable for Russia or China or somebody to brick the rover. To break something important to us. Not PURELY to break something important, just "mwahahaha we destroyed the US's rover, they're going to cry!" but rather to see that US advancement is slowed so their countries can catch up.
That's like saying "Why do people go to war? Just for the sake of shooting people and capturing land?" Well, YES, actually, but there's more to it.
GCS/MU/P d- s:- a-- C++++$ UL++ P+ L++ E+ W++ N o K- w--- O M+ V- PS+++ PE Y+ PGP t+ 5- X R++ tv+ b++ DI++ D++ G+ e++ h-