Wednesday, 16 November 2011
The discovery came hot on the heels of a strange event one Christmas Eve, when all of the doors to a US prison's death row cells opened, apparently on their own.
An investigation into this potentially disastrous event found that the problem was due to an electrical fault. However, further checks revealed that the door locks could be tripped on purpose. Furthermore, while prison locking systems are not supposed to have any internet connectivity, in practice this seems not to be the case.
Sean McGurk, formerly of the US Department of Homeland Security, claims that when he inspected over 400 prison facilities, "in no case did we ever not find connections. They were always there."
The discovery that prison door locks can be hacked over the internet was made by ex-CIA officer John Strauchs. He claims that maximum security prisons use programmable logic controllers (PLCs) to automate door locking and unlocking. PLCs were hacked in the infamous Stuxnet attack on Iranian nuclear facilities.
The Stuxnet worm was able to reprogram the systems controlling centrifuges used to enrich uranium. It did so in a way that would damage the equipment and, therefore, slow down the Iranian nuclear programme. Strauchs took a similar approach to his research and has demonstrated an internet attack on prison doors. From his description, it seems he used a rootkit-type approach.
"You could open every cell door, and the system would be telling the control room they are all closed," he told The Washington Times.
In an interview with VentureBeat he also proposed another, possibly more sinister scenario than a mass jailbreak. He imagined the possibilities of an assassination in which, "if you are a [gang member], you prevent a door from opening, and you start a prison fire."
Strauchs presented his findings at the Halted Hacker conference in Miami on 26th October 2011.