Email
Password
Remember meForgot password?
    Log in with Twitter

article imageHackers could free prisoners from cell

By Samuel Okocha     Jul 31, 2011 in Crime
Hackers could exploit vulnerabilities in electronic systems that control prison doors to free prisoners from their jail cells, researchers say.
According to security consultant and engineer John Strauchs, some of the same vulnerabilities that Stuxnet superworm used to interrupt centrifuges at a nuclear plant in Iran are in US top high-security prisons.
Stuxnet's malicious commands are reportedly believed to have caused centrifuges in Iran to rotate faster and slower than normal to interfere with the country's uranium capabilities.
After consulting on electronic systems in over 100 prisons, courthouses and police stations throughout the US, Strauchs says the prisons use programmable logic controllers to control locks on cells and other facility doors and gates.
The security expert plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference due from August 4 in Las Vegas.
''Most people don't know how a prison or jail is designed, that's why no one has ever paid attention to it,'' WIRED quoted Strauchs as saying. "How many people know they're built with the same kind of PLC used in centrifuges?''
WIRED reports that PLCs [the same devices that Stuxnet exploited to attack centrifuges in Iran] are small computers that can e programmed to control in number of things, such as spinning rotors, the dispensing of food into packaging on an assembly line or the opening of doors.
Most of the correctional facilities, prisons and jails in the US, according to Strauchs, use PLCs to control doors and manage their security systems.
Strauchs is said to have shown interest in testing PLCs after he learnt about the systems targeted by Stuxnet and realizing he had installed similar systems in prisons years back. He, along with his daughter Tiffany Rad, president of ELCnetworks, and independent researcher Teague Newman had purchased a Siemens PLC to look into it for vulnerabilities. He subsequently worked with an anonymous researcher who then wrote three exploits for vulnerabilities they found.
Not long ago, they met with the FBI and other federal agencies to talk about the vulnerabilities and their upcoming demonstration.
''The agreed we should address it,'' WIRED quoted Strauchs as saying. "They weren't happy, but they said it's probably a good thing what you're doing."
More about Hackers, United States, Prisons
More news from
Latest News
Top News