A security researcher claims he slipped a fake name onto NASA’s first launch of a test capsule that could one day carry humans to Mars.
NASA had invited people to add their names to a microchip that would travel with the capsule during its test flight. It plans to continue the practice for future flights.
{mosads}The capsule, dubbed Orion, had its first test flight Friday, orbiting the Earth twice before safely parachuting into the Pacific Ocean.
In probing NASA’s security measures ahead of the launch, researcher Benjamin Kunz Mejri of Germany’s Vulnerability Lab found a flaw that allowed him to inject code into the NASA site that was accepting names for the capsule.
He called it a “high severity vulnerability,” since it could potentially allow nefarious actors to ultimately get malicious code into the capsule’s electronic system.
To prove the flaw’s existence, Mejri injected three fake names into the system. Then he notified NASA, which quickly addressed the issue.
But Mejri claims NASA only caught two of the three false names he injected.
NASA said that, even if the corrupted name or corrupted malware made it onto the microchip, it would pose no danger to the capsule — or even the chip.
In a statement, the agency said approved names were converted into a form for the microchip that could not corrupt the microchip or damage other portions of the computer system.
The capsule’s computer system doesn’t even use the chip for its operations, NASA said, “so there is no risk in any case.”
The space agency also reiterated it reviews all entries received for the microchip.