
Did Russia Hack Poland’s Trains? MSM Says Yes, but … Well, You Decide – Source: securityboulevard.com


Source: securityboulevard.com – Author: Richi Jennings

It depends what you mean by “hack” (and by “Russia”).

Trains all over Poland are mysteriously slamming on the brakes, with Putin’s voice heard on the drivers’ radios—backed with the Russian national anthem. So, of course, the mainstream media is all up in a lather about Russian hackers.

Or was it just a modern-day blue-box prank? In today’s SB Blogwatch, we grab some delicious Cap’n Crunch.


Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: 9ZZZ999.

Train Phreaking

What’s the craic? Marek Strzelecki reports—“Poland investigates hacking attack”:

Attempts by Russia

Poland’s domestic security agency is investigating a hacking attack on the country’s railway network which led to traffic disruption. … Poland’s Internal Security Agency (ABW) and police are probing an unauthorized use of the system involved in rail traffic management.



Hackers used railway frequencies to transmit a signal that triggered an emergency stoppage of trains in northwestern Poland, causing delays. … Stanisław Zaryn, deputy coordinator of special services … said any such interference was treated seriously given recent attempts by Russia to destabilize Poland.

Did someone use the R-word? Aunty amps up the tension—“Poland investigates cyber-attack”:

Ukraine conflict

The signals were interspersed with a recording of Russia’s national anthem and a speech by President Vladimir Putin. … Poland is a major transit hub for Western weapons being sent to Ukraine.



About 20 trains were brought to a standstill. … A number of Western countries have called for increased cyber-security precautions as the Ukraine conflict unfolds.

Wait. Pause. Piotr Konieczny is lost in translation—“They weren’t hackers”:

Police detained two suspects

On Saturday and Sunday, similar sudden stops of trains occurred in Białystok, Gdynia and Wrocław. But contrary to what some Polish and foreign media … wrote, it wasn’t a hacker attack. Someone just broadcast a RADIO STOP signal. The signal has been used on the railroads for years, and can be transmitted with a cheap walkie-talkie or an even cheaper SDR module.



The signal serves to warn about a broken switch, and not only train drivers can give it. … Every nerd with a walkie-talkie can emit such a signal: … The instructions for building the RADIO STOP signal are open and publicly available. … The signal is not encrypted and its transmission does not require any authentication.



On Sunday, police detained two suspects (24 and 29 years old). … We advise against such shenanigans—unless you want … eight years of “radio silence.”

1337 h4x0rz! u/eloyend laughs in Polish:

“Cyber attack” xDDD

Literally three differently toned beeps sent in a loop over an unencrypted channel.

Think of the children! Something must be done! mytailorisrich suggests “something”:

Here we’re discussing a radio transmission … that can come from absolutely anyone and anywhere and stop a whole train. There is no reason for this not to be secured.



Our critical infrastructure is vulnerable … against threats [from] state actors … as this article again shows. This may have been “the norm” for decades, but this has to be fixed. Unfortunately it often takes a catastrophe for things to be fixed.

Good luck with that. There’s a lot of work to do, thinks DrXym:

Hacking railways [is] easy. Aside from any radio comms, [they] have PLCs and cables running down the length of their lines that control things like sensors, junctions, signals, etc.

It is only in the last 3 or 4 years that security has been more than an afterthought to industrial control systems. So it’s likely that any modern rail network is extremely vulnerable to low level or sophisticated attacks:

Low level: Find a box or a cable conduit by the side of the railway and just destroy it.

High level: Break into the network and take over devices, or send false commands.

But what about the method used here? u/lordgurke is amused:

We’re talking about [the] radio standard for train control. This system has a hilarious flaw: Normally, it works encrypted, but the emergency stop signal is deliberately unencrypted for safety … because encrypting the signal, sending it, decrypting it on the train, takes a few milliseconds more. … And you can save this precious time when you need to emergency-stop a train.

The good hackers have been warning about this for ages. Because you can “shut down” a whole train station by just going there with a small radio transmitter in your pocket. … Now that someone used this flaw in a … real scenario, this hopefully will get fixed.

Meanwhile, The only winning move is not to play urges you to exit their private grassed area:

“Simple radio hack”? I thought Don Imus was dead.

And Finally:

TMI about Calif. license plates

Hat tip: Tom Scott’s newsletter



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: DonkeyHotey (cc:by; leveled and cropped)


Original Post URL: https://securityboulevard.com/2023/08/russia-hack-poland-trains-richixbw/

Category & Tags: Analytics & Intelligence,API Security,Application Security,AppSec,Cyberlaw,Cybersecurity,Deep Fake and Other Social Engineering Tactics,Digital Transformation,Editorial Calendar,Endpoint,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,IOT,IoT & ICS Security,Mobile Security,Most Read This Week,Network Security,News,Popular Post,Regulatory Compliance,Securing the Edge,Security at the Edge,Security Awareness,Security Boulevard (Original),Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,Poland,RADIO-STOP,Rail Cybersecurity,railroad,Railway Security,Russia,SB Blogwatch,trains
