A Ticking Time Bomb: US Trains are Vulnerable to a Simple 13-Year-Old Known Security Vulnerability
The United States rail network is woefully unprepared for a potentially catastrophic cyber attack. A critical flaw in the wireless systems used across the country's rail networks has remained unresolved for over a decade, exposing trains to remote interference and putting passengers' lives at risk.
In 2012, hardware security researcher Neils first identified the vulnerability, which affects End-of-Train (EoT) devices. These devices relay data from the last carriage to the front of the train, forming a link with the Head-of-Train (HoT) module. The issue was largely dismissed at the time by the American Association of Railways (AAR), which described it as "theoretical." However, recent discoveries have revealed that software-defined radios could easily mimic signals sent between the HoT and EoT units.
The discovery has shown that any device transmitting on the same frequency could inject false packets into the system. This is because the link has no encryption and protects its packets with only a basic BCH checksum. The most concerning aspect of this vulnerability, however, is that the HoT is capable of sending brake commands to the EoT. This means an attacker could potentially stop a train remotely.
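Why a BCH checksum does not authenticate the sender, shown as an added example that is not from the original article or from any rail vendor: a checksum catches transmission noise, but anyone can compute it, whereas a keyed tag cannot be produced without the shared key. The 15-bit frame, the small BCH(15,7) code, the field values, the key and the truncated HMAC-SHA256 tag are all assumptions chosen for illustration and do not represent the real EoT/HoT packet format or the planned fix.

```python
import hashlib
import hmac

G = 0b111010001  # BCH(15,7) generator polynomial x^8 + x^7 + x^6 + x^4 + 1

def bch_parity(msg7: int) -> int:
    """8 parity bits: remainder of msg7 * x^8 divided by G over GF(2)."""
    rem = (msg7 & 0x7F) << 8
    for shift in range(6, -1, -1):
        if rem & (1 << (shift + 8)):
            rem ^= G << shift
    return rem

def encode(msg7: int) -> int:
    """Systematic 15-bit codeword: 7 message bits followed by 8 parity bits."""
    return ((msg7 & 0x7F) << 8) | bch_parity(msg7)

def checksum_accepts(codeword: int) -> bool:
    """What a checksum-only receiver verifies: parity matches the message bits."""
    return bch_parity(codeword >> 8) == (codeword & 0xFF)

def mac_tag(key: bytes, codeword: int) -> bytes:
    """Keyed tag over the codeword (truncated HMAC-SHA256, a stand-in choice)."""
    return hmac.new(key, codeword.to_bytes(2, "big"), hashlib.sha256).digest()[:8]

def mac_accepts(key: bytes, codeword: int, tag: bytes) -> bool:
    """What an authenticating receiver verifies: the tag was made with the key."""
    return hmac.compare_digest(mac_tag(key, codeword), tag)

def demo() -> dict:
    key = b"constructed-shared-key"      # constructed; held by both ends only
    genuine = encode(0b0010110)          # constructed 7-bit field value
    noisy = genuine ^ (1 << 4)           # one bit flipped by channel noise
    # A sender without the key can still compute parity: the code is public.
    foreign = encode(0b1100001)
    foreign_tag = mac_tag(b"wrong-key", foreign)
    return {
        "noise_caught_by_checksum": not checksum_accepts(noisy),
        "foreign_frame_passes_checksum": checksum_accepts(foreign),
        "foreign_frame_passes_mac": mac_accepts(key, foreign, foreign_tag),
        "genuine_frame_passes_mac": mac_accepts(key, genuine, mac_tag(key, genuine)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A keyed tag alone does not stop a recorded genuine frame from being replayed; a real design also needs a counter or timestamp covered by the tag, which this sketch omits.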
The vulnerability, now catalogued as CVE-2025-1727, allows for the disruption of U.S. trains with hardware costing under $500. Neils's findings were met with skepticism by the AAR until federal intervention forced a response. The issue was not taken seriously until the Cybersecurity and Infrastructure Security Agency (CISA) issued a formal advisory.
Despite the growing concern, meaningful action has been slow to come. The AAR continued to downplay the threat, arguing that the devices in question were approaching end-of-life and didn't warrant urgent replacement. It wasn't until CISA issued an advisory that the AAR began outlining a fix.
In April 2025, an update was announced, but full deployment is not expected until 2027. The vulnerability stems from technology developed in the 1980s, when frequency restrictions reduced the risk of interference. However, today's widespread access to software-defined radios (SDRs) has altered the risk landscape dramatically.
"Turns out you can just hack any train in the USA and take control over the brakes," Neils said, encapsulating the broader concern. The ongoing delay and denial mean US trains are probably sitting on a keg of gunpowder that could lead to serious risks at any time.
About the Author
Efosa is a technology journalist with over 7 years of experience writing about technology policy, cybersecurity, and data protection. He holds both a Master's and a PhD in sciences and has developed a keen interest in exploring how technological advancements influence regulatory frameworks and societal norms.
He is currently focused on B2B security products and can be contacted at udinmwenefosa@gmail.com.