Space.com reports that an AI system has identified a flaw in NASA’s spacecraft communication security that remained in place for three years.
The issue was located in CryptoLib, a software library used to protect communication between spacecraft and ground systems. According to AISLE, the company whose AI tool discovered the problem, “a vulnerability in this software poses a threat to billions of dollars in space infrastructure and the scientific missions they enable.”
The researchers explained that the flaw existed in the authentication system and could allow an attacker to send unauthorized commands if they first gained access to operator credentials.
The team said the flaw had survived several human code reviews during its three-year presence. Their automated analyzer uncovered it within four days. AISLE described the vulnerability by stating that it “transforms what should be routine authentication configuration into a weapon.”
They added that “an attacker … can inject arbitrary commands that execute with full system privileges” once credentials are compromised.
Although the issue required some level of local access, the company still considered it an important risk because it affected communication systems connected to active missions.
The researchers said that automated tools can examine large codebases and detect patterns that might be missed during manual checks.
AISLE’s report stated that the issue was located in the authentication process that manages communication between the spacecraft and mission control.
Their description noted that “an attacker … can inject arbitrary commands that execute with full system privileges” if they obtain credentials that allow authentication.
The researchers explained that attackers could gain such credentials through methods like phishing or by placing infected USB drives where staff might find them.
This access would then allow someone to send unauthorized commands or intercept data once they were inside the system.
The team wrote that the flaw “transforms what should be routine authentication configuration into a weapon,” indicating that normal login steps could be used to enable harmful actions.
They pointed out that attackers would still need some local or internal point of entry, which “reduces the attack surface compared to a remotely exploitable flaw,” but the risk remained because the software was widely used in NASA missions.
AISLE noted that the vulnerability lasted for three years, even though human reviewers had inspected the code multiple times during that period.
The researchers stated that automated tools can support this work by scanning entire codebases and highlighting behaviors that may not be easily seen during manual review.
AISLE said its automated analyzer found the issue in four days. The company described the tool as one that can “systematically examine entire codebases, flag suspicious patterns, and operate continuously as code evolves.”
This ability allowed it to review the full library and detect the authentication problem that earlier human reviews had missed.
The team said that human review “remains valuable,” but large and complex software may require additional support from automated systems that can run without breaks and repeat scans as updates are made.
The researchers noted that the issue survived for years because of the size and complexity of the CryptoLib code. The analyzer helped locate the specific behavior that allowed unauthorized commands once an attacker passed authentication checks using stolen credentials.
AISLE emphasized that automated tools are becoming part of routine cybersecurity work because they can detect issues across entire projects and assist teams responsible for security.
They published the findings in a blog post and coordinated with partners so the affected missions could apply the necessary updates.
Their report stated that the flaw required a combination of credential theft and internal access, but still represented a serious point of concern because of the number of systems using the software.