US Prisoners Steal $225,000 in Credits Using Tablets Meant for Rehabilitation
Jul. 29, 2018When JPay launched a tablet which could help rehabilitate inmates in the prisons of the USA by helping them communicate with people outside, it might not have imagined that these tablets would be used for stealing. Sadly that has happened and inmates in different correction across the state of Idaho havestolen more than $225,000 in creditsby exploiting a vulnerability in the tablet.
Jeff Ray of Idaho Department of Correction informs thatmore than 350 inmateswere able to “intentionally [exploited]a vulnerability within JPay to improperly increase their JPay account balances“. Ideally, thesecredits are either topped up by the friends or relativesof these inmates or occasionally donated by the company itself.
The tablets including JPay’s JPlayallows inmates to enjoy services such as music, email, games,while the company generates revenue by facilitating transactions between inmates and their family. Thesetransactionsare in form of credits and not regular money and can be used for availing JPay’s services. “Having one of these tablets helps your loved ones pass the time, keep engaged and stay connected to you“, says theproduct pagefor one of JPay’s tablets.
The nature of the vulnerability is not confirmed but it seems that 350+ prisoners were able to exploit it bysharing some sort of common hack. This hack was covertly shared between inmates in different facilities. While most inmates were content with stealing $1,000 worth of credits, some couldn’t resist the greed for stealing more. As per the company, thehighest amount stolen was $10,000.
As of now, the company is engaged in recovering the lost credits and has already reclaimed credits worth more than $65,000. It has removed the facility fordownloading musicand games for all inmates until its losses are recovered.
Meanwhile, JPay’s email service is still active, reportsAssociated Press, which shows that despite the hijacking, the company is still empathetic towards prisoners and does not want to prevent them from being in touch with their family – even though the hack could have been shared between facilities using the very service.
