A longstanding vulnerability in the U.S. rail system could allow hackers to remotely trigger train brakes, according to a cybersecurity researcher and government officials.
404Media reports that a critical security flaw in the U.S. rail system has left trains vulnerable to remote hacking for over a decade, raising concerns about the safety and security of the nation’s rail infrastructure. The vulnerability, which was first discovered by independent researcher Neil Smith in 2012, allows hackers to remotely lock a train’s brakes by exploiting weaknesses in the “End-of-Train and Head-of-Train Remote Linking Protocol” (EOT/HOT).
The EOT/HOT system, which was implemented in the 1980s following a Congressional mandate, enables communication between the front and back of a train using radio frequencies. It was designed to enhance safety by allowing the back of the train to send telemetry data to the front and for the front to send basic commands back. However, the radio link used in this system is a common frequency-shift keying data modem that can be easily identified and exploited.
According to Smith, a hacker with the right knowledge and equipment could trigger a train’s brakes from a distance. “A low powered device like a FlipperZero could do it within a few hundred feet, and if you had a plane with several watts of power at 30,000 feet, then you could get about 150 miles of range,” he told 404 Media.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the vulnerability, with Acting Executive Assistant Director of Cybersecurity Chris Butera stating that it has been “understood and monitored by rail sector stakeholders for over a decade.” However, Butera also noted that exploiting the vulnerability would require “physical access to rail lines, deep protocol knowledge, and specialized equipment,” which limits the feasibility of widespread exploitation.
Despite the potential severity of the vulnerability, the rail industry has been slow to address the issue. When Smith first alerted the Association of American Railroads (AAR) to the problem in 2012, he was met with skepticism and resistance. The AAR refused to acknowledge the vulnerability as real unless it could be demonstrated in real life, but they also would not authorize the testing required to prove its existence.
Despite the industry’s reluctance to address the issue, CISA has been working with industry partners to develop mitigation strategies. Fixing the vulnerability requires changes to a standards-enforced protocol, a process that is currently underway but may take years to complete.
Smith has criticized the AAR for its handling of the situation, stating that “the American railway industry treats cybersecurity issues with the same playbook as the insurance industry’s ‘delay, deny, defend’ mantra.”
Read more at 404Media here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
