The device manufacturer used a credit system, which they learned to bypass.
A group of inmates in the state of Idaho took advantage of a vulnerability in JPay prison tablets and caused damage to the company by 225 thousand dollars. JPay charged prisoners for the use of the Internet and services, but they learned how to receive it for free.
According to the publication, 364 prisoners, who were in different prisons of the state, together stole from JPay about 225 thousand dollars in “loans”. The company used the credit system and sold access to digital services, for example, e-mail, music, games and money transfers. But the prisoners found it vulnerable and learned how to receive services for free.
They deliberately exploited the vulnerability in JPay to increase the balance of their accounts. They knew the JPay system and knew what actions to take to credit themselves.
The authorities did not disclose what exactly was the vulnerability and how many prisoners learned to use it. In JPay already restored about 65 thousand dollars of damage and suspended the opportunity to spend “credits” on music and games to some prisoners until they pay off their debts. According to AP, the majority of prisoners gave themselves a thousand dollars in loans, and the largest use of the vulnerability was the appointment of an amount of $ 10 thousand dollars.
JPay is a private company that, for a fee, offers American prisoners to use tablets to access the outside world. Users need to pay separately for access to e-mail, money orders, games and music. The organization of the company can be bought by members of the families of the prisoners or by themselves, and also JPay is sometimes issued free of charge, as it was done for 53 thousand people in New York State prisons in 2018.