Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerabilities Discovered In Prison SCADA Systems

Posted by Unknown on from the release-the-prisoners dept.

phaedrus5001 writes with an excerpt from an Ars Technica article: "Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems. ... The researchers began their work after [John] Strauchs was called in by a warden to investigate an incident in which all the cell doors on one prison's death row spontaneously opened."

3 of 128 comments (clear)

  1. Re:Repeat (sort of) by Stone+Rhino · · Score: 4, Informative

    Slashdot ate the link. here:
    http://www.wired.com/threatlevel/2011/07/prison-plc-vulnerabilities/

    --


    Remember, there were no nuclear weapons before women were allowed to vote.
  2. Re:Ignorance is bliss by thegarbz · · Score: 1, Informative

    Yep another typically ignorant post by someone who thinks they know security.

    1 - Don't connect shit like this to the internet

    Yes the airgap-it-and-fuck-it approach works really well for the targetted attacks on SCADA systems.

    don't allow employees to stick their usb drives in work computers

    Easier said then done, especially since you just removed their network connections. Like it or not USB as a system to transfer data is here to stay. It needs to be managed not banned. Sure the burn a CD approach works well but these days you can't necessarily take for granted that the computers given to employees are capable of this anymore.

    run Linux

    Yes the run-linux-and-fuck-it approach works really well for the targetted attack s on SCADA systems. This is as ignorant as post number 1. Actually worse so since you don't actually get the option of what system you run. You will get given the system from the vendor who provided you with the SCADA software. It will be locked down. This is not optional, or do you think people like attempting to maintain Windows NT4 computers for shits and giggles?

    Here's an exercise, try find a SCADA vendor who will let you dictate what system you want to buy.

    disable Autorun in Windows

    My god you said something sensible from a security standpoint. But you've just closed one vector. One of the very many vectors, the weakest one being that humans can click on things.

    problem solved

    No sir you're did not solve the problem. You and people like you who take haphazard approaches to security and think you're so clever ARE the problem.

  3. Re:Sure, then multiply by one thousand by jbengt · · Score: 3, Informative

    Last time I was in prison (on work) was a long time ago, before digital controls became ubiquitous. Opening every door to every cell would have been a big problem where the worst criminals were. (Some were known to do fun things like throw shit (literally) on guards when they walked by.) However, to get out of a cell block, and again to get out of the inner yard, and again to get outside of the prison walls, one had to walk through 10 foot long vestibules with guards at each end. The doors of the vestibule were hard-wired so that one could not open unless the other was closed.