NASA spacecraft were vulnerable to hacking for 3 years and nobody knew. AI found and fixed the flaw in 4 days
"A vulnerability in this software poses a threat to billions of dollars in space infrastructure and the scientific missions they enable."
Communications between Earth and NASA spacecraft were critically vulnerable to hacking for years until an AI found the flaw and fixed it in just four days.
The vulnerability, which resides in the CryptoLib security software that protects spacecraft-to-ground communications, was sniffed out by an AI cybersecurity algorithm developed by California-based start-up AISLE. The vulnerability could have enabled hackers to seize control over countless space missions, including NASA's Mars rovers, according to the cybersecurity researchers.
"For three years, the security system meant to protect spacecraft-to-ground communications contained a vulnerability that could undermine that protection," the AISLE cybersecurity researchers wrote in a blog post on the company's website describing the vulnerability. "A vulnerability in this software poses a threat to billions of dollars in space infrastructure and the scientific missions they enable."
The researchers said the vulnerability was found in the authentication system and could have been exploited through compromised operator credentials. For example, the attackers could have gained access to user names and passwords of NASA employees through social engineering methods such as phishing, or by infecting computers with viruses loaded onto USB drives left where personnel could find them.
"The vulnerability transforms what should be routine authentication configuration into a weapon," the researchers wrote. "An attacker … can inject arbitrary commands that execute with full system privileges."
In other words, an attacker could remotely hijack the spacecraft or just intercept the data it is exchanging with ground control.
Fortunately, gaining access to the spacecraft through the CryptoLib vulnerability would require the attackers to have local access to the system at some point, which "reduces the attack surface compared to a remotely exploitable flaw," the researchers said in the blog post.
The researchers said that the vulnerability survived in the authentication software despite multiple human reviews of the code over the three years it existed. AISLE's AI-powered "autonomous analyzer" discovered and helped fix the problem in four days, highlighting the potential these tools have in terms of detecting cybersecurity vulnerabilities.
"Automated analysis tools are becoming essential," the researchers wrote. "Human review remains valuable, but autonomous analyzers can systematically examine entire codebases, flag suspicious patterns, and operate continuously as code evolves."

Tereza is a London-based science and technology journalist, aspiring fiction writer and amateur gymnast. Originally from Prague, the Czech Republic, she spent the first seven years of her career working as a reporter, script-writer and presenter for various TV programmes of the Czech Public Service Television. She later took a career break to pursue further education and added a Master's in Science from the International Space University, France, to her Bachelor's in Journalism and Master's in Cultural Anthropology from Prague's Charles University. She worked as a reporter at the Engineering and Technology magazine, freelanced for a range of publications including Live Science, Space.com, Professional Engineering, Via Satellite and Space News and served as a maternity cover science editor at the European Space Agency.
