This article is more than 1 year old

Orion hacker sends stowaway into SPAAAAACE

Terrestrial attack packs p0wnload aboard sub-orbital flight

One of the 1.3 million names sent into space aboard NASA's Orion test capsule was a stowaway, uploaded to NASA's database by a security researcher who found and exploited a vulnerability.

The name 'Payload1 Payload2' was one of three uploaded to the NASA Orion database that collected names to be later transferred to a chip aboard the rocket and shot into space.

The hack since closed was not malicious nor dangerous to the mission but rather a flexing of grey matter by bug hunter Benjamin Kunz Mejri.

"Two IDs were observed by the NASA team and one passed through the procedure of verification and validation," Mejri wrote in an advisory.

"To ensure the ticket was closed NASA included an image that shows the user in the official NASA 'no fly list'.

"The high severity vulnerability allows remote attackers to inject own system specific codes to the application-side of the affected NASA online-service website."

The filter bypass and persistent input validation web vulnerability was related to the first and surname fields of the Orion boarding pass module.

It let remote attackers to inject scripts to compromise NASA's embed boarding pass module.

"After saving the malicious context to a boarding pass service the attacker can use the embed module to stream malicious codes as embed code execution through the boarding pass application of the NASA Mars program website," he said.

Mejri reported the flaw and his exploits to NASA which promptly banned two of the three identities uploaded, allegedly missing one. The two known identities were stamped with a 'no fly list' while the third remains known only to Mertz.

Names were written to a chip using e-beam lithography and subsequently flashed to a second chip which went into space.

NASA said the chip was not vulnerable since it was isolated and lacked executable code.

The ship landed safely in the Pacific Ocean Saturday a mile and a half off-target.

Mejri's payload spent four hours and 24 minutes in two elliptical orbits of Earth, with an apogee of 5800 kilometres. ®

More about


Send us news

Other stories you might like