College student hacks Taiwan high-speed rail line with software defined radios, stopping four trains — 19 years without crypto key rotation ends in predictable result as hacker sails through 7 layers of protection
(Image credit: Getty Images)
Techies and trains have always had a fairly close relationship, but some people seem to take that relationship to toxic levels. About a month ago, a 23-year-old Taiwanese student "hacked" the country's high-speed rail line using an SDR (Software-Defined Radio) filter and radios, remotely broadcasting a General Alarm sign, and triggering a manual emergency braking procedure.
The event brought four trains to a standstill for 48 minutes until the situation was verified as a false alarm, with reportedly no hard stops executed. Lin, the mind behind the operation, sailed through "seven verification layers" thanks to the fact that the TETRA (Terrestrial Trunked Radio) system in use hadn't had its cryptographic keys rotated in 19 years.
Go deeper with TH Premium: GPUs
Lin reportedly also had information on how to access the comms of the New Taipei Fire City Department and the Taoyuan International Airport MRT Line. The incident triggered a round of political ping-pong to assess responsibilities for the weak security and a formal review of all aforementioned radio systems.
Democratic Progressive Party Legislator Ho Shin-chun clearly stated, "If a college student could hack into a system as sophisticated as that of the high-speed rail system, what would happen if the same thing happened with the Taiwan Railway Corp’s system?"
As for Lin, he's using the Looney Tunes defense that it was an accidental press of a button on the radio he had in his pocket. It would have been easy for him to conduct himself better and take the ethical route by disclosing the vulnerability to the relevant authorities, as Taiwan appears to have a highly progressive attitude towards civil hacking in all forms.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
This is exemplified by the g0v initiative, which calls for open and transparent operations from regular citizens, an ethos that has official government support and was most useful during the COVID-19 pandemic. There's a yearly Presidential Hackathon, too, and Taiwan's National Institute of Cyber Security recently awarded $17,000 for 20 reported vulnerabilities across a range of products.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.
Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Wow
0
Sad
0
Angry
0
Comments (0)