Industry News

John Strauchs, a computer security expert who has worked on the installation of electronic prison security systems, says hackers could exploit vulnerabilities in programmable logic controllers, or PLCs, to open cells.

PLCs are small computers programmed to execute simple tasks. Many internet security pros believe the notorious Stuxnet worm compromised the PLC's controlling centerfuges, sabotaging Iran's nuclear program. Strauchs says similar PLCs, which can be attacked with relative ease, are used to control many operations in U.S. prisons, including the opening of cell doors.

In a white paper he will present at the upcoming Defcon hacker conference in Las Vegas, Strauchs describes how he and two other researchers were able to write three exploits to take control of a Siemens PLC used by many correctional facilities. He says once a hacker takes remote control of a PLC, he or she not only can open and close cells, but could overload the building's electronics to "destroy the system."

One of Strauchs's co-authors, Teague Newman, told Wired Magazine that PLCs need to be better-designed, but prisons also need to update security protocols to prevent workers from engaging in risky behaviors like using insecure USB drives or opening unknown files sent to their email accounts.

In 2009, an inmate with access to a U.K. prison computer system shut down the network while working on a reprogramming project.