Hackers could throw open prison doors, research shows


Research presented at the Hacker Halted conference in Miami late last month showed how hackers could take control of industrial control systems (ICS) used in prisons.

The research team, made up of ex-CIA man John Strauchs, who boasts 40+ years in the security and intelligence business, his daughter, a computer researcher/attorney/professor named Tiffany Rad, and Teague Newman, presented the paper "SCADA and PLC Vulnerabilities In Correctional Facilities" to share their findings at the conference.

The team showed that the security systems used in most American prisons are vulnerable, allowing hackers to overload the circuitry controlling prison doors, effectively locking them permanently open, according to a Washington Times article by Chris Burke.

The research began after Strauchs was called in by a warden to figure out how all the cell doors on one prison's death row spontaneously opened, according to ArsTechnica.

ICS is a general term that includes supervisory control and data acquisition (SCADA) systems and distributed control systems (DCS).

ICS effectively allow for the remote control of specific operations such as opening and closing of doors in a prison. They can collect data from sensor systems, as well as monitor the local environment for alarm conditions. They are used in many industries, including prisons.

While ICS should not be on the internet, the research team found many instances where the system was connected to other networks or devices after specialist installation. This would allow for remote attacks on the ICS.

In fact, in the process of validating the research, the Department of Homeland Security found internet capabilities at every one of the 400-plus locations they inspected. Staff apparently wanted to check their email, surf the web, or perform a software update remotely.

Even systems that were successfully cut off from the Internet could be attacked by malicious insiders, or anyone with enough access to insert a thumb drive into a computer work station, Mr. Strauchs told the Washington Times.

So the take-away all businesses can learn from this one?

Educate your users when you cannot provide ubiquitous services like the internet or remote administration. Users absolutely need to understand the risks associated with their actions, so that the organisation is not put in danger because employees didn't know better.

After all, the human urge to simplify and facilitate where possible is a natural one. Expect it, and circumvent it, before it becomes a problem.


3 Responses to Hackers could throw open prison doors, research shows

  1. Beth h · 1086 days ago

    Difficult to get the guards etc to give up convenience of checking their email once they have it. Somehow they don't think very far ahead to see the ramifications of their "conveniences".

  2. jeff · 1086 days ago

    Carole Theriault, this concept is BS. Plain and simple.

    The 'researcher' is full of it, not only is it not really plausible, it's not really even possible. I'd like to see it happen in ANY operating jail as a test.

    I call BS. wasted ink.

  3. SecurityPro · 1079 days ago

    jeff

    you have no basis for your comment - you sound like upper management of so many companies who have suffered breaches this year....


About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos's Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger.