NASA Denies It Used the Doomed Log4j in Its Mars Ingenuity Helicopter

Did log4j, the buggy software program utility from hell, get NASA’s experimental Mars helicopter hacked? The reply is: Nope—in accordance with NASA, it doesn’t even use the doomed device.

The Register originally reported that Ingenuity, one in every of two Mars-based automobiles operated by America’s area company, makes use of log4j. In reality, Apache, the maker of the ever-present, vulnerability-ridden device, apparently tweeted again in June that the space-chopper was “powered by” log4j. (File that beneath issues that haven’t aged significantly effectively.) Predictably, the tweet has since been deleted however the Wayback Machine reveals the evidence.

All that “powered by” enterprise was apparently incorrect, with the corporate telling Futurism that it was “misinformed.”

Log4j, in case you’ve missed it, is a extensively used Apache logging program that was just lately found to be stricken with critical safety vulnerabilities that would simply get you hacked. It has been utilized by just about everybody, from coders at Twitter and Apple to these at Amazon and LinkedIn. But not, apparently, the NASA engineers who constructed Ingenuity.

Ingenuity, which is the primary man-made automobile to fly on an alien planet, was launched final 12 months and landed on Mars in March together with its associate, the Perseverance rover. The automated chopper just lately took its seventeenth flight over the floor of the planet—breaking its earlier file by staying aloft for just a little over half-hour. However, whereas the flight was principally successful, the automobile briefly disappeared from NASA’s view after struggling a minor community challenge. “The rotorcraft’s status after the Dec. 5 flight was previously unconfirmed due to an unexpected cutoff to the in-flight data stream as the helicopter descended toward the surface at the conclusion of its flight,” the area company reported, in a latest press release.

Ingenuity’s use of the unlucky Apache utility, coupled with its latest surprising knowledge disruption, led some to wonder: Did Apache’s bug get NASA’s area chopper hacked?

Absolutely not, in accordance with NASA, which informed Futurism this in an announcement: “NASA’s Ingenuity helicopter does not run Apache or log4j nor is it susceptible to the log4j vulnerability. NASA takes cybersecurity very seriously and, for this reason, we do not discuss specifics regarding the cybersecurity of agency assets.”

We’ve reached out to NASA for extra info and can replace after we hear again.

That it was even believable that Ingenuity might have used log4j (pronounced “log for j,” as in “log for Java,” in accordance with its creator) extra speaks to its ubiquity extra than it does to some mystical off-world hacking incident. And, whereas the bug-ridden utility didn’t, in accordance with NASA, have something to do with Ingenuity, it’s nonetheless an enormous downside. As firms all through the world race to patch their programs, cybercriminals are sizzling on their heels—and are already starting to trigger substantial harm.

The Epic Log4j Bug Saga Continues

Case in level, ransomware gangs are actually concentrating on log4j like there’s no tomorrow. It was reported earlier this week {that a} new ransomware household dubbed “Khonsari” had been going after weak Microsoft computer systems to aim exploits. Since then, we’ve also seen hackers affiliated with Conti, a well known ransomware gang, start concentrating on weak programs. In reality, the gang might have just attacked McMenamins—the funky brewery/resort/occasions franchise primarily based in Portland, Oregon, which reported an assault Friday. Conti is only suspected at this level.

However, ransomware hackers aren’t the one children on the block profiting from this case. All sorts of exploitation makes an attempt have been seen all through the web, with cybercriminals swarming across the vulnerabilities and making an attempt the whole lot from cryptomining to knowledge theft to the whole lot in between. Additionally, stories of state-backed hacking actions have also popped up, with stories that China, North Korea, Iran, and others, are all leveraging the vulnerabilities for his or her espionage actions.

Meanwhile, the federal authorities took emergency action on Friday to safe itself, issuing an order from the U.S. Cybersecurity and Infrastructure Security Agency to all federal Civilian Executive Branch businesses that mandates they patch the Apache bug inside the subsequent six days. CISA director Jen Easterly urged all related businesses to “join us in this essential effort.”

Yes, it’s all fairly unhealthy. Only time will inform how massive the mess wrought by log4j is however don’t maintain your breath. It’s going to take awhile to learn how screwed all of us are.