A trio of Russian hackers revealed numerous bugs in the train systems of many of Europe’s railway companies, saying that hackers and terrorists can easily exploit them to derail or even hijack the trains.
After hacking jeep, sniper rifle and electronic skateboards, it’s time for trains to get some taste as three Russian hackers have discovered astounding loopholes in computer systems controlling the train networks across Europe. The bugs discovered by the hackers arise due to the use of outdated systems as well as human programming errors. The reported bugs can cause serious danger to the railway networks, with derailment and hijacking easily possible if the vulnerabilities are exploited.
The hackers, Aleksandr Timorin, Sergey Gordeychik, and Gleb Gritsai, presented their discovery at Hamburg’s December Chaos Communications Congress. They gave an account of how a skilled hacker can take over the train’s computer system by exploiting the vulnerabilities in it, reports The Register.
They said that things like the control braking system could be overridden by the hackers should they succeed in exploiting the vulnerability in the system. They went on to say that although the exploit requires a considerable amount of know-how and skill on behalf of the hacker, there is enough documentation on the internet which could aid the hacker in his task.
The threat is threefold, according to Sergey Gordeychik, with safety, economic, and reliability threats being the three different threats to the railway systems.
Since rail operators quite commonly use a connected system for ticketing, trains, and stations, the impact of a hacker gaining access to the computer system controlling the train could be disastrous to say the least. Attacking the modem could lead to an attack on the automated train control system, and if the attack is successful then the controls are in the hands of the attacker.
Watch the video below:
In the wake of rising terror attacks in different parts of the world, this news comes as both a shock and a reminder of always being on the edge when it comes to security. The three Russian hackers did not divulge which vendors are potentially at risk, for they feared that revealing this information could cause hackers or terrorists to grab the opportunity with both hands.
They did, however, notify the vendors privately so that they could make the necessary changes to prevent such a calamity from ever taking place. They mentioned that the operators have been notified and are working on the end of fixing the issues highlighted by them.