Tuesday, November 8, 2011

Hacking Death Row

I've been ranting about the simply appalling security in SCADA systems (industrial control systems used in factories, power generation and transmission, and other critical infrastructure).  The security is roughly as strong as moonbeams or cotton candy, and last year's STUXNET attack on Iran's nuclear enrichment gave not just a great demonstration of the possibilities, but actual source code to people who might be interested.

So ask yourself who might be interested.  Criminals, perhaps?  Well, guess what's controlled by these very same SCADA systems: prisons:

Strauchs began his project to investigate the security of industrial control systems in prisons after he was asked to investigate an incident during which all the cell doors on one (unnamed) prison's death row spontaneously opened. The cause was eventually traced back to a random power surge, but the incident got Strauchs thinking and prompted him to have a closer look at the security of industrial control systems in prisons.

Industrial control systems in prisons have no business being connected to the internet. Despite this, the team of researchers led by Strauchs discovered every prison system they looked at was connected to the internet one way or another.

So what can you do via a hacked prison SCADA system?  Everything: turn the lights on or off, open the cell doors, shut down the CCTV monitoring systems.  And control what information is shown to the guards - for example, you could open cell doors while having the display in the control room show that they were closed.

What could possibly go wrong?

Connected to the Internet.  Sheesh.  I can fix that one ...


Dwight Brown said...

The Register article makes it sound like this presentation was very similar to the one Strauchs et al gave at DEFCON 19 earlier this year.

In case anyone's interested, here's a link to their white paper.

Ted N said...

What in the Good Lord's name is with this obsession with connecting nearly unsecured vital systems to the internet? Does everyone in charge have no imagination at all? WTF is wrong with these people? If you want to pass status reports and such back and forth, how hard would it be to put a PDF file from the system or something like it on a thumb drive, unplug, spin chair, plug into the connected terminal, scan load and send it?

WV: supewin; It's gonna be a supewin when some villain crashes all these systems at the same time.