U.S. Train Brakes Can Be Remotely Triggered, Claims Independent Researcher

A vulnerability in U.S. trains that has existed for more than a decade could result in catastrophic consequences if hackers were to exploit it. An independent security researcher claims that the brakes of these locomotives can be remotely triggered using a device with sufficient power.

The railroad industry has been aware of this glaring security issue for several years, but only now is it starting to take action. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has informed the public about this security exploit, which was first discovered in 2012 by security researcher Neil Smith.

According to Smith, the brakes on these trains can be communicated with over radio frequencies, making it possible for hackers to target railroad vehicles using AI. He states that "all of the knowledge to generate the exploit already exists on the internet," and those with nefarious intentions can leverage this information to disable trains at a significant distance.

Smith claims that a low-powered device like the FlipperZero can bring a train to a stop from just a few hundred feet away. However, extending that range to 150 miles would require considerably more power.

"A low powered device like a FlipperZero could do it within a few hundred feet, and if you had a plane with several watts of power at 30,000 feet, then you could get about 150 miles of range," Smith explained. However, he notes that this would not be an efficient way to disable a train if the hackers wanted to steal something valuable from it.

When Smith alerted the Association of American Railroads (AAR) to the problem, it would not acknowledge the issue unless it was demonstrated in real life. The association also refused to approve any testing of the issue.

Chris Butera, CISA's Acting Executive Assistant Director of Cybersecurity, told 404 Media that the exploit had been "understood and monitored by rail sector stakeholders for over a decade." He added that the authorities are working with partners to introduce strategies to alleviate this problem.

"To exploit this issue, a threat actor would require physical access to rail lines, deep protocol knowledge, and specialized equipment, which limits the feasibility of widespread exploitation—particularly without a large, distributed presence in the U.S. While the vulnerability remains technically significant, CISA has been working with industry partners to drive mitigation strategies," Butera said.

Despite CISA's reassurance, Smith believes that fixing this issue will take years because of the AAR's attitude towards cybersecurity. He notes that the railway industry treats cybersecurity the way insurance firms treat those who seek coverage: with delay and denial.

The Risks of Remote Train Braking

Imagine a scenario where a hacker can remotely trigger the brakes of a train from hundreds of feet away, or even up to 150 miles. The consequences would be catastrophic, with potential loss of life and damage to infrastructure.

Smith's discovery highlights the need for greater cybersecurity awareness in the railroad industry. The use of radio frequencies to communicate with trains makes them vulnerable to hacking, and it is only a matter of time before this vulnerability is exploited by malicious actors.

The Response to the Vulnerability

CISA has acknowledged the vulnerability and is working with partners to introduce mitigation strategies. However, Smith's concerns that the industry is taking too long to address the issue are valid.

It remains to be seen how effective these mitigation strategies will be in preventing remote train braking. One thing is certain, however – the railroad industry must take cybersecurity more seriously if it hopes to prevent such catastrophic incidents in the future.