The vulnerability was discovered in 2012 by independent researcher Neil Smith, who found that the communication protocol linking the front and rear of freight trains – technically.
Facepalm: Despite increasing efforts to protect critical infrastructure, much of the US rail industry continues to rely on technology vulnerable to remote hacking, security researchers and federal officials say. The flaw, which could allow an attacker to lock a train’s brakes from afar, was first flagged more than a decade ago and only recently has the industry taken serious steps to address it.
The vulnerability was discovered in 2012 by independent researcher Neil Smith, who found that the communication protocol linking the front and rear of freight trains – technically known as the End-of-Train and Head-of-Train Remote Linking Protocol – can be compromised by intercepting unencrypted radio signals.
The system, designed to relay operational data and safety commands, dates back to a Congress-mandated upgrade in the 1980s to prevent deadly accidents caused by poor communication.
«All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you», Smith told 404 Media. «The physical aspect really only means that you could not exploit this over the internet from another country, you would need to be some physical distance from the train [so] that your signal is still received.
