NASA confirms Ingenuity not vulnerable to log4j flaw

An illustration of the Ingenuity helicopter on Mars
(Image credit: NASA/JPL-Caltech)

The panic surrounding Log4Shell, the now-infamous log4j vulnerability, has reached all the way to Mars, where strange behavior from NASA's Ingenuity helicopter has raised concerns.

The Ingenuity helicopter reached the surface of Mars alongside the Perseverance rover back in February 2021, and took flight for the 17th time on December 5. However, as it was descending, an “unexpected cut-off to the in-flight data stream” occurred, which resulted in the NASA team not knowing exactly what the status of the craft was, the organization explained.

As the incident coincided with the log4j vulnerability disclosure, some people have begun to connect the dots. The theory originated with a June Twitter post from The Apache Software Foundation, which states the helicopter mission is “powered by Apache log4j”.

NASA is yet to comment on claims log4j may have had something to do with the issue.

Ingenuity is fine

In the same blog post, NASA later explains that a follow-up investigation determined the flight was a success.

“Perseverance serves as the helicopter’s communications base station with controllers on Earth. A handful of data radio packets the rover received later suggested a healthy helicopter on the surface but did not provide enough information for the team to declare a flight success,” wrote the space agency.

“But data downlinked to mission engineers at NASA’s Jet Propulsion Laboratory in Southern California on Friday, Dec 10, indicates that Flight 17 was a success and that Ingenuity is in excellent condition.”

Log4j is a Java logging library in which a critical flaw was recently discovered. The flaw allows malicious actors (even those with very little skill) to run arbitrary code on millions of endpoints and to push out malware, ransomware and cryptominers.

Edit, December 20: After we reached out to NASA, a spokesperson confirmed that the Martian devices are in no way susceptible to Log4Shell, but declined to comment on the copter's security in more detail:

"NASA’s Ingenuity helicopter does not run Apache or log4j nor is it susceptible to the log4j vulnerability. NASA takes cybersecurity very seriously and, for this reason, we do not discuss specifics regarding the cybersecurity of agency assets," Alana R. Johnson told TechRadar Pro.

"The interruption in data communications between the Ingenuity helicopter and the base station on the Perseverance rover during Flight 17 occurred when the signal was blocked by elevated terrain between the two as Ingenuity descended at the end of the flight. Effectively, Ingenuity “flew behind a hill” or out of the rover's line of sight, briefly interrupting high-speed communications between the two spacecraft."


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.