Imagine the world’s most infamous serial killers and criminals being freed from their cell blocks because hackers exploited a jail system’s security vulnerabilities. Incredibly frightening, huh? Well, according to a group of researchers led by John Strauchs, that could become a scary reality, as he demonstrated the flaws during a recent Hacker Halted information security conference in Miami. The researchers used an industrial control kit called SCADA to develop a number of exploits that consisted of “overloading the electrical system that controls prison doors, locking them permanently open, or crashing either CCTV or prison intercom systems.”
Think that’s crazy? Here’s an abstract collected from Hacker Halted titled SCADA And PLC Vulnerabilities In Correctional Facilities, which sheds more light on the threat and mentions a security breach that occurred at an unknown correctional facility during the holidays:
On Christmas Eve, a call was made from a prison warden: all of the cells on death row popped open. Many prisons and jails use SCADA systems with PLCs to open and close doors. Not sure why or if it would happen, the warden called physical security design engineer, John Strauchs, to investigate. As a result of their Stuxnet research, Rad and Newman have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, this talk will evaluate and demo SCADA systems and PLC vulnerabilities in correctional and government secured facilities while recommending solutions.
Granted, even if prisoners find themselves walking free from their cells, they still have to get past prison guards and several other security measures. So we can all breathe easy for now. But that’s not a good look for any criminal institution.