A vulnerability that has existed in U.S. trains for more than a decade could have extremely serious consequences if attackers were to exploit it, with an independent security researcher claiming that the brakes of these locomotives can be triggered remotely. The unfortunate aspect of this glaring security issue is that the railroad industry has known about it for several years and is only now starting to patch it.
The vulnerability in U.S. trains was first discovered in 2012, and with sufficient transmit power, a device like the FlipperZero can remotely trigger the brakes from a significant distance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has informed the public about this security issue, with 404 Media reporting that security researcher Neil Smith discovered it in 2012. The brakes on these trains are commanded over radio frequencies, and Smith states that the knowledge needed to actually carry out such an attack already exists on the internet, and that those with nefarious intentions could use AI to target these railroad vehicles.
“All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you. The physical aspect really only means that you could not exploit this over the internet from another country, you would need to be some physical distance from the train [so] that your signal is still received.”
Smith claims he knows about a hacker who can take advantage of this exploit from a fair distance. The security researcher says that a low-powered device like the FlipperZero can bring a train to a stop from a few hundred feet away, and that the distance can be increased all the way up to an unfathomable 150 miles if the transmitter has enough power behind it.
However, Smith notes that reaching that range would require an enormous amount of power, and that it would not be a practical way to disable a train for anyone hoping to steal something valuable from it, since they would be far too distant from the train.
“A low powered device like a FlipperZero could do it within a few hundred feet, and if you had a plane with several watts of power at 30,000 feet, then you could get about 150 miles of range.”
Smith also says that when he alerted the Association of American Railroads (AAR) about the problem, they would not acknowledge it unless it was demonstrated to them in a real-world setting, yet the authority did not approve any testing either. Chris Butera, CISA’s Acting Executive Assistant Director of Cybersecurity, told 404 Media that the issue had been ‘understood and monitored by rail sector stakeholders for over a decade’ and that the agency is working with partners to introduce strategies to mitigate the problem.
“To exploit this issue, a threat actor would require physical access to rail lines, deep protocol knowledge, and specialized equipment, which limits the feasibility of widespread exploitation—particularly without a large, distributed presence in the U.S. While the vulnerability remains technically significant, CISA has been working with industry partners to drive mitigation strategies. Fixing this issue requires changes to a standards-enforced protocol, and that work is currently underway.”
According to Smith, the problem might take years to fix, despite CISA’s reassurance. The researcher says the fix will take so long because of the AAR’s attitude towards the situation, stating that the railway industry treats cybersecurity the same way insurance firms delay and deny coverage to those who seek it.
News Source: CISA