NASA nearly lost missions worth billions of dollars due to a security flaw that engineers had overlooked for three years. A vulnerability in the critical software CryptoLib could have allowed hackers to gain control over rovers and other spacecraft.
AI detected what humans missed
The AI algorithm from AISLE identified a serious problem in the system protecting communication between spacecraft and ground control centers. The vulnerability existed for three years, despite regular security checks and code analysis by NASA specialists.
The vulnerability affected the CryptoLib authentication system — software responsible for encrypting and protecting data transmitted between Earth and spacecraft. Attackers could exploit compromised operator credentials to gain unauthorized access.
"For three years, the security system designed to protect communication between spacecraft and Earth contained a vulnerability that could undermine this protection," noted AISLE specialists in their blog.
How hackers could attack space missions
The attack scenario appeared quite realistic. Attackers could access the usernames and passwords of NASA employees in several ways:
Social engineering and deceiving employees to obtain confidential information
Phishing attacks with the substitution of official websites and services
Infection of computers with viruses through USB drives or other external devices
Having obtained this data, the hacker could remotely take control of the spacecraft or access the data it exchanges with the flight control center. Missions worth billions of dollars, including Mars exploration programs, were at risk.
However, for successful exploitation of the vulnerability, attackers would need local access to the system, which significantly complicated the task compared to a fully remote attack.
4 days versus 3 years
The contrast between human capabilities and artificial intelligence has been striking. What NASA specialists could not detect during three years of regular checks, the AI system AISLE identified and helped to eliminate in just four days.
The authors of the study emphasize the growing importance of automated security analysis tools. "Human checks remain valuable, but autonomous tests can systematically examine all code bases, flag suspicious patterns, and continuously operate as the code evolves," they state.
The vulnerability has already been eliminated, and NASA's space missions continue to operate as usual. The incident serves as further proof that artificial intelligence technologies can complement human expertise in cybersecurity.
#NASA #AI #AImodel #Write2Earn
