Multiple sources are reporting that a 23-year-old only known as Lin was able to stop three to 4 trains just by spoofing radio signals and coming out by impersonating radio beacons.
Let me make it clear that the Bleeping article title says 15-year-old, so I don’t exactly know if it is a 15-year-old or a 23-year-old or whether it was corrected later to say 23 and not 15.
One of the sources, found through my feed talking about Transit Cyber Security, says 3, while the Bleeping Computer article says 4.
A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country’s high-speed railway network (THSR).
According to local media reports, the student halted four trains for 48 minutes on April 5 by using software-defined radio (SDR) communications and handheld radios to transmit a high-priority “General Alarm” signal, triggering emergency braking procedures.
THSR is a high-speed railway network in Taiwan that runs a single 350 km (217 miles) two-way line along the western coast of the country, with trains reaching speeds of up to 300 km/h (186 mph).
The article continues:
Before the attack, the student, who is referred to by his surname Lin, intercepted and decoded TETRA (Trans-European Trunked Radio) radio parameters using SDR equipment he bought online, and then programmed them into handheld radios to impersonate legitimate beacons.
If he and others collaberated, it could’ve been a lot worse than just putting out an alarm and forcing the trains to come to a stop. While both reports indicate that the outage only lasted 48 minutes, it may take several hours for that type of delay to return to normal scheduling because of how far they have to go.
It also sounds like there is a lot of space between stations, so going rough 160 mph is not uncommon.
The Bleeping Computer article continues:
The police also found that a 21-year-old accomplice provided Lin with some critical THSR parameters that enabled the attack.
Reports state that the system had been in use for 19 years and that its parameters were apparently not rotated during that time, allowing the hacker to bypass seven verification layers.
The incident has sparked criticism from some Taiwanese politicians, who called out the bodies responsible for negligence.
Let’s make one thing clear. We don’t know exactly know how this works, so I’m not going to go as far as to blame the company, but if it is as easy as simple creds, or spoofing signals that can possibly be changed, then yes, the company is at fault.
I’m not very knowledgeable in train systems, even though I work with a major transportation company.
So, what should you be reading? Please read the following articles. There may be others, but these are the ones I have.
- 15-year-old detained over French govt agency data breach
- Student hacked Taiwan high-speed rail to trigger emergency brakes
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.