A U.S. researcher has just draw attention to the failures of the electronic system which manages the ports of high security prisons in the U.S.. The vulnerabilities could be used to open the doors to inmates.
The discovery by John Strauchs promises to become one of the main sights of the DefCon conference, to be held next week in Las Vegas.
The origin of the vulnerabilities is the use of industrial logic controllers (PLC), which may be the target of attacks by cybercriminals.
In a statement reproduced by Wired, John Strauchs admits that the authorities will have to protect themselves if they want to avoid greater evils: "Most people do not know how a prison is drawn, and that's why no one ever paid attention to this ".
Strauchs, who has worked with electronic systems of more than 100 U.S. prisons, ensures that two models of logic controllers from Siemens are vulnerable to malicious code created with the aim of causing the malfunction of various electronic devices that operate in a particular room.
Most major U.S. prisons are already using logic controllers for opening and closing doors or manage other electronic devices (air conditioners, sensors, lighting). Except that only a portion of these drivers have been supplied by Siemens. This did not prevent Strauchs to develop, together with a colleague who preferred to remain anonymous, an experimental prototype that allows to exploit the vulnerabilities of the Siemens PLC.
According to researchers in 2500 were enough euros to buy and develop the necessary tools, in just three hours, the program that lets you take advantage of security holes of the PLC.
To confirm this theory, a part of U.S. prisons will be vulnerable to malicious code Stuxnet that in 2010, has been used to sabotage Iran's nuclear industry
No comments:
Post a Comment