Shocking, not shocking. Worked for a company more than two decades ago that ran a lot of shortlines.
Called out several different vulnerabilities that I found while researching how to make things more efficient (the company owning the tracks get charged for the car lease while it's on their tracks).
Nothing came of it though. They were more worried about replacing infrastructure after several cars toppled because the ties had rotted.
Does including a three-letter acronym (TLA) make your answer look informed (ALI)?
Because it's an article about outdated systems. Radio-controlled systems built in the last ten years, and in the future, are all mandated to be encrypted.
Furthermore, very few passenger train systems are radio-controlled. Instead, just like cars and buses, control is decentralized to the individual vehicle, and automated based on feedback from the track. No feedback, and the train stops.
>“The End-of-Train (EOT) and Head-of-Train (HOT) vulnerability has been understood and monitored by rail sector stakeholders for over a decade. To exploit this issue, a threat actor would require physical access to rail lines, deep protocol knowledge, and specialized equipment, which limits the feasibility of widespread exploitation—particularly without a large, distributed presence in the U.S.
Shocking, not shocking. Worked for a company more than two decades ago that ran a lot of shortlines.
Called out several different vulnerabilities that I found while researching how to make things more efficient (the company owning the tracks get charged for the car lease while it's on their tracks).
Nothing came of it though. They were more worried about replacing infrastructure after several cars toppled because the ties had rotted.
While this is bad… keep in mind you can also stop trains with a jumper cable across the tracks, too.
https://hackaday.com/2016/12/14/protesters-use-jumper-cables...
Don’t know about today, but you used to be able to drop the gates with a nail.
This looks like an exploit for all future train control systems (TCS)
Does including a three-letter acronym (TLA) make your answer look informed (ALI)?
Because it's an article about outdated systems. Radio-controlled systems built in the last ten years, and in the future, are all mandated to be encrypted.
Furthermore, very few passenger train systems are radio-controlled. Instead, just like cars and buses, control is decentralized to the individual vehicle, and automated based on feedback from the track. No feedback, and the train stops.
>“The End-of-Train (EOT) and Head-of-Train (HOT) vulnerability has been understood and monitored by rail sector stakeholders for over a decade. To exploit this issue, a threat actor would require physical access to rail lines, deep protocol knowledge, and specialized equipment, which limits the feasibility of widespread exploitation—particularly without a large, distributed presence in the U.S.
Sure, thats reaaaally unlikely hey... /S
USA trying to make is public transport system even less popular.