News One runaway prison laptop caused 1,200 incarcerated students to lose their devices — jailbroken laptop spurs prison officials to issue a recall of...

Status
Not open for further replies.

bit_user

Titan
Ambassador
100% agree with the author. This was an unfortunate turn of events.

I'm a little unclear on what was the pivotal issue, though. Was it the posting of the default password for the OS? Was that determined by running a cracking tool, or is that a more serious flaw in its security design? Would that password have any value, absent the various hardware mods he made?
 

USAFRet

Titan
Moderator
bit_user said:
> 100% agree with the author. This was an unfortunate turn of events.
>
> I'm a little unclear on what was the pivotal issue, though. Was it the posting of the default password for the OS? Was that determined by running a cracking tool, or is that a more serious flaw in its security design? Would that password have any value, absent the various hardware mods he made?

I would imagine it is the password.
No matter how that was obtained.
 

bit_user

Titan
Ambassador
USAFRet said:
> No matter how that was obtained.

The reason I was asking how it was obtained is whether his ability to extract it revealed a design flaw in the system, in which case any password could probably be extracted in the same way, or whether it revealed a weak (i.e. easy-to-crack) password. If the former, then the laptops might not get returned for a while, if ever. If the latter, then maybe they could just change the password and return the laptops.

Obviously, if the password is usable to compromise the device, absent any hardware mods, then they had to get recalled. Even if the inmates had no direct access to anywhere the password was published, the password could have gotten communicated to them from the outside.
 
While unlikely to be able to be taken advantage of, even if they had inside help from a guard, it's still a bad thing if everyone knows the root password to your device, and it's standard procedure for any breached password to be changed, which appears to be what is happening, based on the article posted on Monday about this issue. Personally I wouldn't be surprised if he faces lawsuits over it.

 
This is the danger whenever exploits are covered. And why when I talk about them I'm vague (i.e., it's a physics-based attack). You really want to avoid such possibility of giving script kiddies the tools to create chaos.

That said, the disposal company is likely to be sued for being non-conformant. The laptops should have been torn apart and pieces separated to the appropriate disposal facility.
 

GLT1963

Prominent
Jan 28, 2023
The nature of the hack implies a degree in electrical engineering or a good deal of practical experience. This article goes to further highlight the vast chasm between intelligence and smarts. The likelihood of some form of repercussion on the prison usership was very highly predictable even though the nature of the repercussion wasn't. Similar things have happened before with several classes of devices. Rather than chase fame, I wish people would spend a few days considering the possible negative ramifications of their exploits.
 

gschoen

Commendable
Aug 25, 2022
The fault is really that of the Securebook supplier for not instructing the facility admins that the default password needed to be changed with perhaps a second level of certificate authentication. It is a "Securebook" after all, sold by "Justice Tech Solutions." The pricing for Securebook 6 is $550 with a 12" screen (resolution unspecified), Celeron processor, 8GB RAM, and 256GB SSD. No OS included, and WiFi is available as an option for some unknown reason. No ports except to connect to a docking station. Needless to say, the company makes a hefty profit on these very basic devices, likely with a kickback to the prison operator, which could be a private for-profit corporation. Nothing better than profiting off poor people trying to get an education so they don't come back to prison!

I'd hope they resolve the issue and return the devices. The company should reimburse the students for the semester if they have to repeat due to JTS's error. No chance of that happening, I'd reckon.
 