28C3: SCADA and PLC vulnerabilities in correctional facilities


In this full length presentation from the recent 28C3 conference in Berlin, Tiffany Rad, Teague Newman and John Strauchs describe the opportunities and challenges presented by SCADA systems used in prisons and jails.

These systems are often used in conjunction with PLCs to open and close doors. Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, Newman, Rad and Strauchs have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. This talk will evaluate and demo SCADA systems and PLC vulnerabilities in correctional and government secured facilities while recommending solutions.

UPDATE: According to the speakers, John Strauchs and his company were the inspiration for the 1990s hacker flick “Sneakers”. However, this is questionable (see comment below).

Join the Conversation

5 Comments

  1. I’m really getting tired of people implying or outright saying SCADA is “vulnerable”. It’s not “SCADA” that’s the problem, it is the connected systems hosting it that are vulnerable, the vast majority of which are Windows-based. If you leave your front door open and go on vacation, don’t expect things to be as you left them when you return.

      1. SCADA was never designed as a “secure” protocol and has never claimed to be “secure” against attacks. Once the front door is open (Internet connected attacker enters the SCADA system via an insecure gateway), man-in-the-middle or code injection attacks are certainly possible. SCADA is not designed to thwart such attacks – nor should it be. To try and make SCADA inherently “secure” would likely render the protocol unsuitable for the original intent due to complexity and inefficiency.

        Stop blaming SCADA… If your system is so vulnerable to attack, either fix your system or don’t use something like SCADA in the first place.

  2. The inspiration for the movie Sneakers, to the best of my knowledge, was Matt Bishop and Bob Abbot’s consulting company. The movie script was put together over numerous conversations with both Matt and Bob. The character names of Martin Bishop and Bernard Abbott were intentionally made close to Matt and Bob’s actual names as a tip-o-the-hat acknowledgement.

    1. Mudge: Your comments are not incorrect but they are incomplete. Sneakers was based on an amalgum of people and companies, mine included. I began to work with Lasker and Parkes (and later with Robinson) in 1983. For example, Ian Murphy (Capt. Zap) and John Draper (Capt. Crunch) were also inspirations. And, I am in the movie credit.

Leave a comment

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.