Idaho prison officials have disclosed that a group of 364 prison inmates hacked handheld prison tablets to steal nearly $225,000 worth of digital credits. The prisoners exploited a vulnerability in tablets, manufactured by a firm called JPay.
JPay tablets are used in prisons across the US, allowing inmates to email their families and friends, purchase and listen to music, play electronic games or transfer money to other inmates.
While the firm had provided the tablets to prisoners with a positive intention, little did it know that their own devices could be exploited to siphon off nearly a quarter of a million dollars.
The prisoners were “intentionally exploiting a vulnerability within JPay to improperly increase their JPay account balances” a spokesperson of the Idaho Department of Correction, Jeff Ray said, the Verge reported.
According to Ray, 50 inmates exploited the unknown flaw in JPay tablet to transfer an amount exceeding $1,000 into their accounts. The largest amount credited by a single inmate was just under $10,000. Overall, nearly $225,000 was credited into the accounts of 364 inmates.
“This conduct was intentional, not accidental. It required a knowledge of the JPay system and multiple actions by every prisoner who exploited the system’s vulnerability to improperly credit their account,” Ray said, the Guardian reported.
So far, JPay has recovered over $65,000 worth of credits. The company has also currently suspended the download of music and games inside the prison, until the prisoners compensate for the losses.
However, prisoners can continue to send and receive emails. It is still unclear as to what kind of vulnerability was exploited.
Meanwhile, the Department of Correction has issued disciplinary offense reports to the inmates who were allegedly involved in the attack.