Hackers Could Open Convicts' Cells In Prisons

Hugh Pickens writes "Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons where programmable logic controllers (PLCs) control locks on cells and other facility doors. Researchers have already written three exploits for PLC vulnerabilities they found. 'Most people don't know how a prison or jail is designed; that's why no one has ever paid attention to it,' says John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week. 'How many people know they're built with the same kind of PLC used in centrifuges?' A hacker would need to get his malware onto the control computer either by getting a corrupt insider to install it via an infected USB stick or send it via a phishing attack aimed at a prison staffer, since some control systems are also connected to the internet, Strauchs claims. 'Bear in mind, a prison security electronic system has many parts beyond door control such as intercoms, lighting control, video surveillance, water and shower control, and so forth,' adds Strauchs. 'Once we take control of the PLC we can do anything (PDF). Not just open and close doors. We can absolutely destroy the system. We could blow out all the electronics.'"

Re:Internet?

[hvm2hvm]

I'm more curious why do they need to control everything from 1 computer? What's wrong with a simple keylock or if that's too 'medieval' for you, a standalone code lock? Also, why are the showers and everything electronically controlled? That's something most homes don't have.

Re:Internet?

[DarkOx]

Well there is a little more than to running a modern prison then just sequestering and feeding the inmates. We have decided that we care about their health and safety as well.

In the event its necessary to evacuate the prison, say because there is a fire or something, central control of the locks would be very valuable. Much easier for the guards to grab the shotguns and rifles and say "Alright we are evacuating to the yard, the doors are going to unlock all of you then step out hands in the air were we can see them and form a line." than it would be for them to go through the cell block unlocking each cell or row of cells at time.

At the very least that would be a dangerous situation for the guards, already somewhat chaotic they don't want to have their backs turned to other prisoners while they focus on operating a lock mechanism rather than their surroundings. I should expect the folks we keep locked in high security detention facilities are likely to be the sort that would try to take advantage of an unusual situation which may arise, and being able to lock and unlock all doors at the same time is one of the many ways prions try and mitigate that risk.

Re:Internet?

[houghi]

To have remote access and that is the easiest way to do it. A leased line would be better.

The reason to have it remotely is the same reason why access to some banks is done off premises. If there is a hostile situation, you still have control of those doors.

The National Bank in Antwerp has a two-door entry. The second door only opens when the first door is closed. The person to control the door is not on site. So if he sees that I want to enter and he does not want me to, he can't be physically be forced to do so.

I also assume that there is not one person who controls that door and there will be protocols as what to do in what situation.

getting access to the person onsite might be possible. Offsite is a whole different layer.

Re:This article is Shite

[OzPeter]

You could run all of your PLC's through a router so you could have all your PLC's programmable from a remote location. We've never done that, but then again we also don't have a prison population and access controls to deal with.

I've done things like this and it works well. Had multiple remote sites connected to the home base via a VPN over the Internet. Not that I recommend programming from a remote location, but being able to ensure you have central backups, and do a centralized version control is a boon. The alternative was to have contract cowboys in each region with their own private copy of what they think the PLC program should be. So now the contractor arrives at site, checks out the PLC code from the central repository, modifies the PLC and then checks the code back in.