When you think of prison, the words “secure” and “locked down” should be the first that come to mind, but never would I want to hear “system vulnerability” and “hackers can remotely access doors” associated with prison. Unfortunately that seems to be exactly the case here.
At this year’s Hacker Halted conference, researchers discovered that for a mere $2500 and a long night’s worth of coding, you could potentially access a prison’s “industrial control systems,” or locks as we civilians may refer to them. The problem appears to be the fact that although the computer systems at prisons should really not be connected to the internet, it turns out that many are.
Often times these systems are connected to the internet either for remote maintenance purposes, there were instances found where prison staff would take a few minutes of on the clock time to do what we all do at our jobs – goof around online. Though not being connected to the internet seems like a simple enough solution, it turns out that systems without an internet connection fared off worse because of social engineering scams or bribes and USB key could bypass security entirely.
Since the report was made public at Hacker Halted, all findings have been shared the Department of Homeland Security and are in the process of being fixed. I sure hope so.
Hat tip to reader: Killahkazx