NASA denies using Log4j in its Mars Ingenuity helicopter

Photo: PATRICK T. FALLON/AFP (Getty Images)

Did log4j, the buggy software program from hell, hack NASA’s experimental Mars helicopter? The answer is: No – according to NASA, it doesn’t even use the doomed tool.

The register originally reported which uses Ingenuity, one of the US space agency’s two Mars-based vehicles log4j. In fact, Apache, the maker of the ubiquitous, vulnerability-ridden tool, apparently tweeted in June that the space helicopter was “powered by” log4j. (Save that under stuff that hasn’t aged particularly well.) Unsurprisingly, the tweet has been since deleted but the Wayback Machine shows proof.

All that “powered by” business was apparently wrong, with the company tell futurism that it was “misinformed”.

Log4j, in case you missed it, is a widely used Apache logging program that has recently been discovered to suffer from severe security vulnerabilities with which you could easily be hacked. It’s been used by pretty much everyone from programmers at Twitter and Apple to those at Amazon and LinkedIn. But apparently not the NASA engineers who built Ingenuity.

ingenuity, that is the first man-made vehicle to fly on an alien planet was launched last year and landed on Mars in March along with its partner, the Perseverance rover. The automated helicopter recently made its 17th flight over the planet’s surface, breaking its previous record with: stay up just over 30 minutes. Although the flight was largely a success, the vehicle temporarily disappeared from NASA’s view after a minor network problem. “The rotorcraft’s status after the Dec. 5 flight was previously unconfirmed due to an unexpected interruption in in-flight data flow when the helicopter descended to the surface at the end of its flight,” the space agency reported in a recent publication. press release.

Ingenuity’s use of the unfortunate Apache utility, coupled with the recent unexpected data disruption, resulted in wonder: Did Apache’s Bug Hack NASA’s Space Helicopter?

Absolutely not, according to NASA, which told Futurism in a statement: “NASA’s Ingenuity helicopter does not run on Apache or log4j, nor is it susceptible to the log4j vulnerability. NASA takes cybersecurity very seriously and for this reason we do not discuss details regarding the cybersecurity of agency assets.”

We’ve reached out to NASA for additional information and will update when we hear back.

That it was even plausible that Ingenuity log4j (pronounced “log for j”, as in “log for Java”, according to its creator) speaks more of its ubiquity than of some mystical alien hacking incident. And while the bug-ridden utility had nothing to do with Ingenuity, according to NASA, it’s still a huge problem. As companies around the world race to patch their systems, cybercriminals are hot on their heels — already starting to wreak significant havoc.

The epic Log4j Bug Saga continues

A good example is that ransomware gangs are now targeting log4j like there is no tomorrow. It was reported earlier this week that a new ransomware family called “Khonsari” had gone after vulnerable Microsoft computers to try exploits. From that moment on, we have also seen hackers affiliated with Conti, a well-known ransomware gang, are beginning to target vulnerable systems. In fact, the gang may have… just attacked McMenamins – the funky brewery/hotel/event franchise based in Portland, Oregon, which reported an attack Friday. conti is only suspicious on this point.

However, ransomware hackers are not the only kids taking advantage of this situation. Exploitation attempts of all kinds have been seen on the internet, with cybercriminals swarming around the vulnerabilities and trying everything from crypto mining to data theft and everything in between. In addition, reports of state-sponsored hacking activities have also surfaced, with reports that China, North Korea, Iran and others are all exploiting the vulnerabilities for their spying activities.

Meanwhile, the federal government emergency measures taken on Friday to secure itself by issuing an order from the U.S. Cybersecurity and Infrastructure Security Agency to all federal agencies of the civilian executive, mandating that they patch the Apache bug within the next six days. CISA Director Jen Easterly urged everyone relevant agencies to “join us in this vital effort”.

Yes, it’s all bad. Only time will tell how big the mess wrought by log4j is, but don’t hold your breath. It will take a while to figure out how screwed we all are.

Stay tuned for more such real estate news and updates at

Leave a Comment