Feeds

Hackers can spring Death Row crims from cells

Researchers prove SCADA jailbreak risk

Choosing a cloud hosting partner with confidence

Computer systems used to control federal prison facilities are riddled with vulnerabilities that might allow criminals to meddle with cell door opening mechanisms or shut down internal communications systems, according to security researchers.

The vulnerabilities – which stem from flaws in industrial control systems and programmable logic controllers – were demonstrated by a team led by John Strauchs, who demonstrated the flaws at the recent Hacker Halted information security conference in Miami. Despite having no previous experience with SCADA (industrial control) kit, Strauchs and his colleagues were able to develop workable exploits, validated using a test rig that cost just $2,500 to construct in the basement of his research partner, Teague Newman. Strauchs' daughter – attorney, professor and computer security researcher Tiffany Strauchs Rad – also contributed in the research.

The resulting talk, SCADA And PLC Vulnerabilities In Correctional Facilities (abstract below), sounds absolutely gripping.

On Christmas Eve, a call was made from a prison warden: all of the cells on death row popped open. Many prisons and jails use SCADA systems with PLCs to open and close doors. Not sure why or if it would happen, the warden called physical security design engineer, John Strauchs, to investigate. As a result of their Stuxnet research, Rad and Newman have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. Using original and publically available exploits along with evaluating vulnerabilities in electronic and physical security designs, this talk will evaluate and demo SCADA systems and PLC vulnerabilities in correctional and government secured facilities while recommending solutions.

The researchers have turned over a dossier on their findings to state and federal prison authorities, who have good reason to take its findings seriously. "We validated the researchers’ initial assertion ... that they could remotely reprogram and manipulate [the ICS software and controllers]," Sean P McGurk, a former Department of Homeland Security cybersecurity director, told the Washington Times.

Possible exploits include overloading the electrical system that controls prison doors, locking them permanently open, or crashing either CCTV or prison intercom systems.

Strauchs began his project to investigate the security of industrial control systems in prisons after he was asked to investigate an incident during which all the cell doors on one (unnamed) prison's death row spontaneously opened. The cause was eventually traced back to a random power surge, but the incident got Strauchs thinking and prompted him to have a closer look at the security of industrial control systems in prisons.

Industrial control systems in prisons have no business being connected to the internet. Despite this, the team of researchers led by Strauchs discovered every prison system they looked at was connected to the internet one way or another.

In some cases, for example, the internet connection was set up so that remote maintenance of the kit could be carried out without the need for contractors to visit the jail. In other cases networks used to enable prison staff to access the net were poorly segmented from SCADA control systems. Infected USB drives contaminated with a Stuxnet-style worm posed another, wholly unguarded infection vector. SCADA systems might be deprogrammed by malware of this type either accidentally or (more plausibly) by either bribing or blackmailing a prison guard. A targeted malware-infected email might also be used to introduce a SCADA worm into a prison environment.

"You could open every cell door, and the system would be telling the control room they are all closed," Strauchs, a former CIA operations officer, told the Washington Times.

Anyone who got out of their cell this way would still have prison guards, dogs, guns and barbed wire to contend with if they hoped to escape. Strauchs said a more plausible scenario might be that the security weakness was exploited to slip assassins out of their cells in order to gain access to a targeted prisoner. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Put down that shotgun: Wi-Fi's the way to beat Zombies
CreepyDOL sensors can pick walkers from humans with MAC snack attack
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.