Computerized U.S. prisons have a critical vulnerability: a hacker can break into the system and remotely open cell doors.
A hacker can also shut down all internal communications through the prison intercom system and crash the facility’s closed-circuit television system, blanking out all the monitors.
“You could open every cell door, and the system would be telling the control room they are all closed,” said John J. Strauchs, a former CIA operations officer who helped develop a cyber-attack on a simulated prison computer system and described it at a hackers’ convention in Miami recently.
The security systems in most American prisons are run by special computer equipment called industrial control systems, or ICS. They are also used to control power plants, water treatment facilities and other critical national infrastructure. ICS has increasingly been targeted by hackers because an attack on one such system successfully sabotaged Iran’s nuclear program in 2009.
A hacker could exploit this vulnerability by overloading the electrical system that controls the prison doors, locking them permanently open.
“We validated the researchers’ initial assertion … that they could remotely reprogram and manipulate” the special software controllers that run the systems, Sean P. McGurk, a former Department of Homeland Security cybersecurity director, told The Washington Times.
Teague Newman, another member of their team, said ICS systems are not supposed to be connected to the Internet.
“But in our experience, there were often connections” to other networks or devices, which were in turn connected to the Internet, making them potentially accessible to hackers, he said.
The Internet connection is turned on so that remote maintenance of the kit can be carried out without the need for contractors to visit the jail. In some cases, networks used to enable prison staff to access the net were poorly segmented from SCADA control systems.
Using a USB drive, an attacker can infect the system with malware such as Stuxnet or Duqu. A targeted malware-infected email might also be used to introduce a SCADA worm into a prison environment.