Hack the Mars rover
At 10 PM sharp, my local cable switched, as per city requirements, from the imminent deployment of the Mars rover to a city video BBS informing the viewer about recent changes to local dog tag regulations. Putting thoughts of Jim Bell aside, this gives me time to ask a question that has been on my mind since yesterday. With the solar system's hottest RC vehicle on Mars, how hard would it for a hacker to take control of the rover? Is NASA using any encryption/authentication of the commands issued to the rover? Thanks, --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. DES is dead! Please join in breaking RC5-56. http://rc5.distributed.net/
On Sat, 5 Jul 1997, Lucky Green wrote:
With the solar system's hottest RC vehicle on Mars, how hard would it for a hacker to take control of the rover? Is NASA using any encryption/authentication of the commands issued to the rover?
Somehow, I don't think that's the place to mount an attempt to take it over. The prohibitive cost of getting an antenna into space where you can counter some of the effects of Earth's spin and keep the damn rover in contact all the time would be the biggest problem. The trick would be to get into NASA's flight control computers. They're almost definitely as top-secret military systems in terms of access. (i.e, no outside connections to unsecure nets, controls almost certainly limited to certain stations...) Besides, how much encryption is needed between two points if intercepting the traffic is expensive, the communications protocol is undocumented (as far as anyone outside NASA is concerned), and the actual frequency is also hard to find? ----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
Ryan Anderson wrote:
Besides, how much encryption is needed between two points if intercepting the traffic is expensive, the communications protocol is undocumented (as far as anyone outside NASA is concerned), and the actual frequency is also hard to find?
The appropriate question is how much encryption (and other security) is needed if interrupting the traffic causes the loss of a great deal of money and difficult (if possible at all) fixes. This is the mindset of the Fed security wienies when specifying and designing; thus it must be the mindset of the non-Fed Wienie looking to crack. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paul H. Merrill Merlyn Enterprises paulmerrill@acm.org I have no opinions (just facts) so it doesn't matter what my employer thinks.
On Mon, 7 Jul 1997, Paul H. Merrill wrote:
The appropriate question is how much encryption (and other security) is needed if interrupting the traffic causes the loss of a great deal of money and difficult (if possible at all) fixes. This is the mindset of the Fed security wienies when specifying and designing; thus it must be the mindset of the non-Fed Wienie looking to crack.
Well, if it matters any, my initial impression was that this discussion was based upon taking over the rover, not necessarily upon just performing a DoS attack on it. Frankly, I can't see a point to a DoS attack... taking it over, on the other hand could be fun.. ----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
Ryan Anderson wrote:
On Mon, 7 Jul 1997, Paul H. Merrill wrote:
The appropriate question is how much encryption (and other security) is needed if interrupting the traffic causes the loss of a great deal of money and difficult (if possible at all) fixes. This is the mindset of the Fed security wienies when specifying and designing; thus it must be the mindset of the non-Fed Wienie looking to crack.
Well, if it matters any, my initial impression was that this discussion was based upon taking over the rover, not necessarily upon just performing a DoS attack on it. Frankly, I can't see a point to a DoS attack... taking it over, on the other hand could be fun..
----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
Picture breaking the Rover -- How many Earthly JoyRides end in Wrecks? Picture "Finding an undocumented feature" which causes it to cease and desist. Picture the simple lost time on target for the mission. Each of these and a bunch more goes into the "cost of takeover" for the equation. In short, of course it is encrypted. DISCLAIMER: Never said it, never meant it, and I apologize to anyone who got the impression I was speaking as thpough others were theorizing on simple break the rich kid's toys escapades. PHM -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paul H. Merrill Merlyn Enterprises paulmerrill@acm.org I have no opinions (just facts) so it doesn't matter what my employer thinks.
Yes, the idea was to take over the rover. A DoS would be an extremely idiotic thing to do. Of course so would be damaging the rover. But a little cruise... :-) -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred On Mon, 7 Jul 1997, Ryan Anderson wrote:
On Mon, 7 Jul 1997, Paul H. Merrill wrote:
The appropriate question is how much encryption (and other security) is needed if interrupting the traffic causes the loss of a great deal of money and difficult (if possible at all) fixes. This is the mindset of the Fed security wienies when specifying and designing; thus it must be the mindset of the non-Fed Wienie looking to crack.
Well, if it matters any, my initial impression was that this discussion was based upon taking over the rover, not necessarily upon just performing a DoS attack on it. Frankly, I can't see a point to a DoS attack... taking it over, on the other hand could be fun..
----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
On Mon, 7 Jul 1997, Lucky Green wrote:
Yes, the idea was to take over the rover. A DoS would be an extremely idiotic thing to do. Of course so would be damaging the rover. But a little cruise... :-)
Or someone could just replace the signal with one of their own. Having Elvis drive up in a '57 Chevy on the Martian landscape would be a cute hack. ]:> alano@teleport.com | "Those who are without history are doomed to retype it."
Lucky Green wrote:
Yes, the idea was to take over the rover. A DoS would be an extremely idiotic thing to do. Of course so would be damaging the rover. But a little cruise... :-)
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
I hate to be the one to tell you this, but taking someone's toy away -- even just for awhile -- IS Denial of Service. And, yes, 'twould be a Blast to go joyriding. PHM
On Mon, 7 Jul 1997, Ryan Anderson wrote:
On Mon, 7 Jul 1997, Paul H. Merrill wrote:
The appropriate question is how much encryption (and other security) is needed if interrupting the traffic causes the loss of a great deal of money and difficult (if possible at all) fixes. This is the mindset of the Fed security wienies when specifying and designing; thus it must be the mindset of the non-Fed Wienie looking to crack.
Well, if it matters any, my initial impression was that this discussion was based upon taking over the rover, not necessarily upon just performing a DoS attack on it. Frankly, I can't see a point to a DoS attack... taking it over, on the other hand could be fun..
----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paul H. Merrill Merlyn Enterprises paulmerrill@acm.org I have no opinions (just facts) so it doesn't matter what my employer thinks.
On Mon, 7 Jul 1997, Paul H. Merrill wrote:
I hate to be the one to tell you this, but taking someone's toy away -- even just for awhile -- IS Denial of Service. And, yes, 'twould be a Blast to go joyriding.
Yeah, it's still DoS, but it's not quite the same as just taking the toy away from everyone.. ----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
Just to clear up any confusion: I don't advocate interfering with the Mars probe in any way. As always, my interest in purely academic. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred On Mon, 7 Jul 1997, Paul H. Merrill wrote:
Lucky Green wrote:
Yes, the idea was to take over the rover. A DoS would be an extremely idiotic thing to do. Of course so would be damaging the rover. But a little cruise... :-)
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
I hate to be the one to tell you this, but taking someone's toy away -- even just for awhile -- IS Denial of Service. And, yes, 'twould be a Blast to go joyriding.
PHM
On Mon, 7 Jul 1997, Ryan Anderson wrote:
On Mon, 7 Jul 1997, Paul H. Merrill wrote:
The appropriate question is how much encryption (and other security) is needed if interrupting the traffic causes the loss of a great deal of money and difficult (if possible at all) fixes. This is the mindset of the Fed security wienies when specifying and designing; thus it must be the mindset of the non-Fed Wienie looking to crack.
Well, if it matters any, my initial impression was that this discussion was based upon taking over the rover, not necessarily upon just performing a DoS attack on it. Frankly, I can't see a point to a DoS attack... taking it over, on the other hand could be fun..
----------------------------------------------------------------------- Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing" Wayne State University - CULMA "May you live in interesting times.." randerso@ece.eng.wayne.edu Ohio = VYI of the USA PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9 -----------------------------------------------------------------------
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paul H. Merrill Merlyn Enterprises paulmerrill@acm.org I have no opinions (just facts) so it doesn't matter what my employer thinks.
participants (4)
-
Alan -
Lucky Green -
Paul H. Merrill -
Ryan Anderson