Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Could Open Convicts' Cells In Prisons

Posted by Soulskill on from the need-firewalls-to-go-with-those-real-walls dept.

Hugh Pickens writes "Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons where programmable logic controllers (PLCs) control locks on cells and other facility doors. Researchers have already written three exploits for PLC vulnerabilities they found. 'Most people don't know how a prison or jail is designed; that's why no one has ever paid attention to it,' says John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week. 'How many people know they're built with the same kind of PLC used in centrifuges?' A hacker would need to get his malware onto the control computer either by getting a corrupt insider to install it via an infected USB stick or send it via a phishing attack aimed at a prison staffer, since some control systems are also connected to the internet, Strauchs claims. 'Bear in mind, a prison security electronic system has many parts beyond door control such as intercoms, lighting control, video surveillance, water and shower control, and so forth,' adds Strauchs. 'Once we take control of the PLC we can do anything (PDF). Not just open and close doors. We can absolutely destroy the system. We could blow out all the electronics.'"

2 of 203 comments (clear)

  1. Internet? by betterunixthanunix · · Score: 5, Insightful

    Why are the prison control systems connected to the Internet? Who thought that was a good idea?

    --
    Palm trees and 8
    1. Re:Internet? by vlm · · Score: 5, Insightful

      I'm more curious why do they need to control everything from 1 computer? What's wrong with a simple keylock or if that's too 'medieval' for you, a standalone code lock? Also, why are the showers and everything electronically controlled? That's something most homes don't have.

      With more prisoners in the system than the rest of the world combined, for profit private prisons automate to save money. That makes them cheaper that govt prisons, which forces the govt prisons to automate or else all their "guests" will get transferred to "save money by using the free market". In a race to the bottom, there is no opting out.

      By controlling the showers you can stop people from F-ing around during lockdown... If the guards have to go in to break up a fight, at least the water is off.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger