Feeds

PLCs a prison vulnerability: researchers

Now there’s a jailbreak

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Hard on the heels of warnings that critical systems in America are vulnerable to Stuxnet-style attacks, a group of security researchers says SCADA systems and PLCs make prisons vulnerable to computer-based attacks.

In a white paper published here, Teague Newman, Tiffany Rad and John Strauchs say the use of PLCs (programmable logic controllers) to control systems such as cell doors means that prisons inherit the vulnerabilities of PLC-based systems.

There isn’t actually much that’s new in their document: if SCADA and PLC systems are vulnerable to attacks, then so are the systems they control. The main point of the discussion is that most people, includingepl perhaps the authorities operating prisons, are only dimly aware of the extent to which physical security is a function of IT security.

PLCs are deployed in jails because of the complex controls needed: there are rules (for example) dictating which doors may be open at the same time, what times different doors may be open, which alarms or alerts (if any) should be sounded for different doors or combinations of doors being open, and so on.

If an attacker were able to infiltrate a Stuxnet-like worm into the prison environment, the paper’s authors say, they might be in a position to suppress alarms, open doors, or even damage systems by overriding the systems that limit how many door mechanisms can operate at once.

Of course, if prisons using PLCs are vulnerable to computer-based attacks, so are any facilities that use SCADA systems in access control, to the extent that such control systems are either accessible to the Internet, or vulnerable to a “poisoned USB key” attack.

Strauchs plans to demonstrate a proof-of-concept at Defcon next week. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.