Vulnerabilities Discovered In Prison SCADA Systems 128
phaedrus5001 writes with an excerpt from an Ars Technica article: "Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems. ... The researchers began their work after [John] Strauchs was called in by a warden to investigate an incident in which all the cell doors on one prison's death row spontaneously opened."
Definitely not unexpected... (Score:3, Interesting)
The US has a corrections industry with an extremely strong lobby that pushes not just Congress, but judges (whom are elected) to be "tough on crime", or else they will be replaced by people on the bench who are.
Of course, handing over this to the private sector means that any security other than the obvious is done at the bottom most cost.
So, if one would expect a prison locking system to actually be secure from clued people, it wasn't in the contract and paid for, so it wasn't done. It is only a matter of time before this is used for hits on well known prisoners, either by people paid by rich victims, or a gang who managed to hire or coerce someone with IT knowledge.
Think COs wouldn't stick a USB flash drive into a machine and run stuff? A good number actually wouldn't and stay to their sworn oath. Others would plug a USB flash drive into a computer either out of curiosity, or because they are getting paid by other people in a prison gang. Smuggling a Stuxnet variant in on a fingernail sized drive is a whole lot easier than smuggling in a bag of weed or meth.