The same devices that enabled hackers to sabotage centrifuges at an Iranian nuclear plant last year are being used to control access to jail cells in some of the United States’ most important high-security prisons.
John Strauchs, who serves as a security consultant and engineer for at least 100 such prisons, and his partners report that the equipment and know-how required to manipulate some of the “programmable lock controllers” used to control cell doors are obtainable for as little as $2,500 and can be exploited remotely if connected to the Internet, which many systems are. Strauchs is expected to demonstrate a comparable attack at a hacking conference in Las Vegas next week. —ARK
Some of the same vulnerabilities that the Stuxnet superworm used to sabotage centrifuges at a nuclear plant in Iran exist in the country’s top high-security prisons, according to security consultant and engineer John Strauchs, who plans to discuss the issue and demonstrate an exploit against the systems at the DefCon hacker conference next week in Las Vegas.
Strauchs, who says he engineered or consulted on electronic security systems in more than 100 prisons, courthouses and police stations throughout the U.S. — including eight maximum-security prisons — says the prisons use programmable logic controllers to control locks on cells and other facility doors and gates. PLCs are the same devices that Stuxnet exploited to attack centrifuges in Iran.
... PLCs are small computers that can be programmed to control any number of things, such as the spinning of rotors, the dispensing of food into packaging on an assembly line or the opening of doors.