Trains vulnerable to hackers, researchers warn
Security researchers are warning of gaping cybersecurity holes in railway systems, opening trains up to hackers, according to tech news website Motherboard.
“It’s absolutely easy” for hackers to exploit certain vulnerabilities in railroad infrastructure, researchers Sergey Gordeychik and Aleksandr Timorin said Sunday at the security conference Chaos Communication Congress in Hamburg, Germany.
Their findings come among fears that critical pieces of infrastructure such as the power grid or airlines are increasing at risk of cyberattack.
Some of those concerns: Features once controlled manually such as signals and locks are now largely automated. Hackers could potentially flip a switch to derail a train or cause a collision.
Equally worrisome, researchers say, is that engineering and onboard entertainment systems tend to be run on the same network. Accessing an onboard Wi-Fi network could give a hacker access to the network that operates the train itself.
Similar fears have been expressed in the airline industry after cyber expert Chris Roberts claimed that he used a plane’s entertainment network to infiltrate the computer system controlling the engines and thrust.
Roberts said he issued a climb command to the plane, causing it to briefly fly sideways.
FBI officials have denied his claims, saying that there is “no credible information to suggest an airplane’s flight control system can be accessed or manipulated from its in-flight entertainment system.”
Government agencies have been warning of the possibility that hackers could exploit an airplane’s Wi-Fi to take control of the plane.
“Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems,” said an April Government Accountability Office report.
Such reports have drawn scrutiny from Capitol Hill, where Sen. Ed Markey (D-Mass.) is pressing airlines and airplane-makers for information on how they are defending themselves from hackers.
Gordeychik and Timorin cautioned that while the threat of train hacking is real, hackers have yet to exploit the opportunity — possibly because there isn’t an obvious way to make money by hacking a train.
“All the vendors are working very hard to fix the situation,” the researchers said.