Remotely Opening Prison Doors
This seems like a bad vulnerability:
Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems.
The researchers began their work after Strauchs was called in by a warden to investigate an incident in which all the cell doors on one prison's death row spontaneously opened. While the computers that are used for the system control and data acquisition (SCADA) systems that control prison doors and other systems in theory should not be connected to the Internet, the researchers found that there was an Internet connection associated with every prison system they surveyed. In some cases, prison staff used the same computers to browse the Internet; in others, the companies that had installed the software had put connections in place to do remote maintenance on the systems.
The weirdest part of the article was this last paragraph.
"You could open every cell door, and the system would be telling the control room they are all closed," Strauchs, a former CIA operations officer, told the Times. He said that he thought the greatest threat was that the system would be used to create the conditions needed for the assassination of a target prisoner.
I guess that's a threat. But the greatest threat?
EDITED TO ADD (11/14): The original paper.
Posted on November 14, 2011 at 7:14 AM • 26 Comments