Hackers Could Open Convicts' Cells In Prisons 203
Hugh Pickens writes "Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country's top high-security prisons where programmable logic controllers (PLCs) control locks on cells and other facility doors. Researchers have already written three exploits for PLC vulnerabilities they found. 'Most people don't know how a prison or jail is designed; that's why no one has ever paid attention to it,' says John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week. 'How many people know they're built with the same kind of PLC used in centrifuges?' A hacker would need to get his malware onto the control computer either by getting a corrupt insider to install it via an infected USB stick or send it via a phishing attack aimed at a prison staffer, since some control systems are also connected to the internet, Strauchs claims. 'Bear in mind, a prison security electronic system has many parts beyond door control such as intercoms, lighting control, video surveillance, water and shower control, and so forth,' adds Strauchs. 'Once we take control of the PLC we can do anything (PDF). Not just open and close doors. We can absolutely destroy the system. We could blow out all the electronics.'"
Re:Internet? (Score:4, Funny)
I'm more curious why do they need to control everything from 1 computer? What's wrong with a simple keylock or if that's too 'medieval' for you, a standalone code lock?
It allows them to open up(or close/lock) whole rows of cells, or a single cell from a secure, central location. This way, if person is able to get out of his cell, he can't simply run down to the end of the row and flip a switch. Also, think about how Sean Connery got out in The Rock.
No no no no..... (Score:5, Funny)
UNLOCK ALL INMATE DOORS
DEACTIVATE SECURITY SYSTEM
Then you smash the screen with a hammer so that no one can override the commands. It's simple.
What?
.
Re:No no no no..... (Score:5, Funny)
This is you do it. You just break into the warden's office, find his PC, go to a command line and enter: UNLOCK ALL INMATE DOORS DEACTIVATE SECURITY SYSTEM .
You left out a critical step. The computer will respond with ACCESS DENIED, at which point you type OVERRIDE