The Hollywood scene in which hackers are able to spring prisoners from their jail cells may not be so hypothetical after all. Security consultant and engineer John Strauchs has come forward with the assertion that the same vulnerabilities exploited by the Stuxnet malware can also be found in top high-security prisons in the United States. Speaking to Wired, Strauchs says: "Most people don't know how a prison or jail is designed, that's why no one has ever paid attention to it. How many people know they're built with the same kind of [programmable logic controller] used in centrifuges?" According to him, only the smallest facilities do not use PLCs to control doors or manage the security systems.
With 117 federal correction facilities, 1,700 prisons and more than 3,000 jails in the United States, this adds up to a lot of potential exploitations.
To prove his hunch, Strauchs acquired a Siemens PLC and with two others, managed to write exploits for vulnerabilities that they discovered. The crux of the matter has to do with the simplistic architecture of prison PLCs, coupled with an insecure communications protocol that was designed years ago. One "doomsday" scenario outlined by Strauchs could see a hacker opening all the doors simultaneously. More disturbingly perhaps, Strauchs says that it is also possible to irreversibly damage the PLCs once control has been gained--presumably by overloading the electronics.