I had a really interesting talk about a month ago with some staff members from a maximum security facility for minors somewhere in the USA. I agreed to keep tany identifying information confidential and it is irrelevant anyway. They wanted to know what I thought about the security implications of residents (mostly teenagers) having Nintendo DS and Sony PSP in the facility. They had seen that I write a lot about network security for different magazines and sites and also seen this blog so they thought I would be a natural choice to speak about these issues. I thought it was an interesting exercise.
On the surface, what harm could there be from allowing some kids to play portable video games? It doesn’t seem like such a bad thing.
This is what I came up with. There are probably more things that can be done that I might have gotten to if I had some more time to brainstorm.
1. The Nintendo DS and the Sony PSP can physically be used as weapons. You could hold one in your hand and hit someone with it. You could sharpen a stylus and shank someone with it. You could break a UMD and use the sharp edge to attack someone. If you allow the kids to have the device then you have to allow the chargers and maybe the headphones; the cords of either could be used to strangle someone.
2. The Nintendo DS has a plastic blank filling the compartment where a GBA cartridge gets plugged in. The inside of that blank can be used to conceal contraband. Likewise with the UMD bay of the PSP, and maybe even the Memory Stick Slot of the PSP.
3. The Sony PSP runs Skype which could be used for clandestine communication.
4. Both devices include chat type applications which could be used for clandestine communication.
5. Some games include voice chat or text chat. An inmate could use Pokemon voice chat for clandestine communication.
6. If the facility blocks WiFi signals then that might be a good way to shut down a lot of the secret channel kind of stuff. However, an ad hoc connection to someone in a car in the parking lot could be established and set up to proxy an Internet connection.
7. All kinds of software can be downloaded and run on a PSP. Someone could use a PSP to take remote control of a full PC. Not to mention the web browsing and what that opens up in terms of threat vectors.
8. Let’s not forget that the PSP can share photos ad hoc wirelessly. I could easily see an impromptu porn network developing at a facility like this.