Exploiting a zero-days vulnerability is an easy way to get yourself into trouble, but it’s a very dangerous one, particularly for young children.
And that’s exactly what’s happened to a group of Australian teenagers in the prison system.
The teenagers, who have not been named, were locked up in a maximum security prison in Darwin for five months in March last year, after being convicted of two counts of breaching a parole or probation order and two counts each of possessing an assaultive weapon and possessing an obscene publication.
The two sentences, as well as two counts for possessing an offensive weapon and an indecent publication, were for each of which they were given a two-year community order.
The boys were also given a one-year jail term.
The maximum security jail, which houses a maximum of 4,500 inmates, is also home to the Queensland Institute of Criminology.
The Queensland Department of Justice (QDJ) says that the boys had been in custody for almost three months, and that they were not aware of the vulnerability until the end of their sentence.
“The young offenders, as they had already been sentenced for breaches of parole and probation, were in no position to exploit the vulnerabilities,” QDJ spokesman Andrew Stewart said.
“They were in fact in no danger of being exploited.”
Mr Stewart says the prison has a “zero-day” security system, meaning that it is only triggered if the code used to run the jail is updated.
“This means that if the prison was ever compromised, there would be no way to tell it,” he said.
“The jail would simply simply not have been able to alert anyone to the vulnerabilities.”
The vulnerability in the Queensland prison system means that a zero day exploit is possible.
The ABC has been unable to contact the teenagers, but they told us that the prison did not notify them about the vulnerability before the prison’s closure.
“There was nothing we could do to alert them to this vulnerability,” one of the boys said.
One of the teens, who cannot be named, told us the jail had “no clue” about the flaw.
“We have been told by the prison it is a zero days vulnerability, it’s just been waiting for a patch to be rolled out,” he told us.
Mr Stewart says it is “a shame” that the Queensland government does not provide a zero or two-day system for the Queensland Prison.””
We were told that the jail was not aware they had been exploited, and we were told they were unaware that there was an exploit.”
Mr Stewart says it is “a shame” that the Queensland government does not provide a zero or two-day system for the Queensland Prison.
“Unfortunately, we do not have any kind of zero days, but we do have some other things,” he says.
“So we will do some work with the Queensland department of education to try to get a zero, but I think it is just a shame that the state does not have a zero.”
The Queensland Government says the Queensland Corrections Authority is investigating the issue, but has not yet received any formal complaints.
Mr Stewart said the QDj would investigate the matter further, but would not comment further until the issue is resolved.
“In the meantime, the Queensland Department for Corrections is providing a zero hours security system and is currently investigating,” he added.
This is a developing story.
Check back for updates.
Topics:security-intelligence,crime,education,prison-policy,civics-and-lifestyle,police,education-and/or-advice,education—schools,criminology,law-crime-and_courts,education—-newcastle-2300,darling-sunshine-2680,portland-4000,brisbane-4000More stories from Queensland