"At 23:23 on 5 April, a 23-year-old university student in Taichung transmitted a falsified General Alarm signal into the Taiwan High Speed Rail Corporation's internal radio system. Four trains travelling at up to 300 km/h received the highest-priority emergency alert and switched to manual braking. The entire high-speed rail network was disrupted for 48 minutes. The student, identified only by his surname Lin, had cracked through seven layers of verification using a laptop, a software-defined radio he bought online, and a handful of handheld radios."
"The radio system Lin compromised is TETRA (Terrestrial Trunked Radio), a standard developed in the 1990s for encrypted voice and data communication, used by police, emergency services, airports, and transport networks in approximately 120 countries. THSRC's TETRA deployment dates to the rail line's opening in 2007. According to Tom's Hardware, the system's cryptographic key rotation, which needs to be configured and scheduled at installation, appears never to have been implemented. When Lin was four years old, someone set the keys. Nobody changed them."
"The attack itself was straightforward. Lin used a software-defined radio, a device that replaces hardware-based radio components with software, to intercept THSRC's radio traffic. He downloaded the captured signals to his laptop, decoded the TETRA parameters, and programmed the same codes into handheld radios. He then transmitted a cloned General Alarm signal that appeared to originate from a station employee, triggering emergency braking procedures across the network. Police described the method as rudimentary."
"The underlying vulnerability is not new. In 2023, Dutch cybersecurity researchers at Midnight Blue disclosed a deliberate backdoor in the TETRA encryption algorithm, affecting radios manufactured by Motorola, Damm, Hytera, and others. The researchers found that the system could be c"
At 23:23 on 5 April, a 23-year-old student in Taichung transmitted a falsified General Alarm through the Taiwan High Speed Rail Corporation’s internal radio system. Four trains traveling up to 300 km/h received the highest-priority emergency alert and switched to manual braking, disrupting the network for 48 minutes. The student used a laptop, a software-defined radio purchased online, and handheld radios to bypass verification and clone the emergency signal. The compromised system used TETRA, a widely deployed standard for encrypted voice and data communications. Cryptographic keys protecting the system had not been changed for 19 years, and key rotation appears not to have been implemented since installation. The method relied on intercepting radio traffic, decoding parameters, programming matching codes, and transmitting a cloned alarm signal.
#high-speed-rail-security #tetra-radio-communications #emergency-alert-systems #cryptographic-key-management #software-defined-radio
Read at TNW | Data-Security
Unable to calculate read time
Collection
[
|
...
]