Terrifying report reveals hackers can remotely activate the brakes on American trains


The issue has been known for over a decade

One independent researcher managed to reveal an exploit that allows hackers to remotely activate the brakes on American trains, and it's an issue that officials have been aware of but not fixed for over 10 years now.

Long gone are the days of cowboys and train robberies that would rely on dynamite to bring the heavy vehicle to a halt, but it's seemingly never been easier for a threat actor to stop a train in its tracks with just some simple tech.

The digital age is a gold mine for hackers who can access data from pretty much anywhere across the globe with something as simple as a USB charging cable, but being able to physically stop a moving train from a safe location could certainly be dangerous if conducted by the wrong people with terrifying intentions.

Everything you need to stop a train remotely can be found on the internet or via AI (Ronaldo Schemidt/AFP via Getty Images)

How can hackers remotely activate train brakes?

As reported by 404 Media, the issue was initially spotted by independent researcher Neil Smith, who discovered the vulnerabilities over radio frequencies all the way back in 2012.

Smith explains that everything you would need to take advantage of this exploit is easily accessible on the internet right now, and that you could even ask AI to build you the software if you wanted.

It takes advantage of what's known as an 'End-of-Train and Head-of-Train Remote Linking Protocol' (EOT/HOT), which was initially designed to make trains safer by improving the communication between the rear and front of the vehicle.

This system involves sending telemetry data and radio signals from one end of the train to the other, but it affords the possibility for anyone to spoof the signal and send false commands.

The biggest caveat for this exploit is that it requires the potential hacker to be within a certain physical proximity to the train, meaning that you can't do it from across the globe or even across America.

"A low powered device like a FlipperZero could do it within a few hundred feet," Smith explains, however, "and if you had a plane with several watts of power at 30,000 feet, then you could get about 150 miles of range."

There are a number of reasons why someone might want to stop a train but pretty much all of them would have worrying and even catastrophic consequences, so it's staggering that it has not yet been fixed.

How long have officials known about this issue?

According to Smith, he made officials aware of the issue as soon as he discovered it back in 2012, yet they weren't responsive in the slightest to his concerns.

"The Association of American Railroad (AAR), which is the maintainer of the protocol used across North America for the EOT/HOT radio links, would not acknowledge the vulnerability as real unless someone could demonstrate it to them in real life," Smith reveals.

Smith claims that officials have downplayed and ignored the issue, with no clear resolution in sight (Justin Hamel/Bloomberg via Getty Images)

While you might think that it would be fairly easy to prove it as an issue with the knowledge that Smith had gained, the AAR indicated that "they also would not authorize the testing to be done to prove it was a real issue," effectively putting their heads in the sand.

Why hasn't it been fixed?

Chris Butera, Acting Executive Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), has outlined:

"To exploit this issue, a threat actor would require physical access to rail lines, deep protocol knowledge, and specialized equipment, which limits the feasibility of widespread exploitation - particularly without a large, distributed presence in the US.

"While the vulnerability remains technically significant, CISA has been working with industry partners to drive mitigation strategies. Fixing this issue requires changes to standard-enforced protocol, and that work is currently underway."

The problem has been largely ignored and disregarded for the past 13 years, yet it appears as if CISA is currently working on a resolution, albeit without any current completion timeline.

Smith himself predicts that we could still be 'years' away from any progress, and has declared that "the American railway treats cybersecurity issues with the same playbook as the insurance industry's 'delay, deny, defend' mantra."
