John Strauchs, Tiffany Rad and Teague Newman presented their findings at a recent security conference. They said the project wasn't really all that difficult -- it just took a little time, some equipment bought online and a basement workspace. The idea for the research came about from work that Strauchs had done previously.
"I designed a maximum security prison security system. That is, I did the engineering quite a few years ago and literally on Christmas Eve, the warden of that prison after it was occupied, called me and told me all the doors had popped open, including on death row, which of course sent chills down my spine. So we fixed that problem very quickly. It was a minor technical thing that had to do with the equipment used, but the gist of it was it made me think if that could be done accidentally, what was the extent of what you could do if you did it deliberately?"
Strauchs and his team focused on the Programmable Logic Controller, or PLC, a component used for electromechanical processes like assembly lines, lighting controls and prison doors. Strauchs and his colleague Teague Newman found problems with how prisons were using it.
"One of them was, in fact, that the computers that controlled the PLCs were accessible by the general staff of the facility," says Newman. "It did have a monitor, keyboard, things of that nature connected to it and we did actually in our tour of a facility, we saw guards accessing these computers to view their personal email."
If someone's online, they could be lured to a malware site and infect the facility's whole computer network. Or a USB drive could be loaded with malware and smuggled in.
Researcher Tiffany Rad says the team alerted the federal government to the vulnerability before taking it public. "The federal government has known about our research, but they've known about vulnerabilities in programmable logic controllers and industrial control systems for more than 10 years. What's difficult with the programmable logic controllers is they're meant to be accessible and easily programmable. That's why it was so easy for us to create an exploit for it. However, they need to be easily controlled and programmable because if you're running a plant or facility, it's the accessibility that they needed. So there are some aspects to PLCs that really can't be fixed."
We contacted the Federal Bureau of Prisons, which declined to comment.
Also on today's program, a new vocabulary word: "Telexistence." Find out how you can control a robot and see, hear and feel everything that it's experiencing.