Polish teen uses TV remote to derail trains
Covered on The Register, Telegraph.co.uk, and Slashdot.
Earlier this month, a 14-year-old in Poland used a modified TV remote control to directly interfere with rail junction controls in the city of Lodz. He obtained information on the operation of the junctions by trespassing in several train depots. In the end, he used his train remote to alter the switchings on several moving trams, causing some to derail and resulting in numerous passengers receiving minor injuries. The boy has been charged in juvenile court with endangering the public.
The youth’s particular attack on the system was made possible by the use of infrared signals to control track switches, which left them open to outside interference. Additionally, the lack of property security at railway depots allowed the attacker to obtain information about exactly how the switches interpreted their signals, rendering possible the direct manipulation of the switches.It seems likely that the engineers designing the system did not expect it to be hacked – like many others, they relied on Security through Obscurity, assuming that no motivated adversaries would discover the vulnerability. To prevent such an attack, the railways could have used physically wired connections instead of infrared – while this would still be vulnerable to a dedicated adversary, attacking such a system would require physically digging up cabling, making it much more likely that the attacker would be detected and caught. Another option would have been to encrypt or otherwise digitally sign the data being sent via infrared. This would give some greater assurance that the source of the signals was indeed authorized to make the requested change to the switching of the tracks. Additionally, physical security at depots could be improved using better fences and perhaps regularly-patrolling security guards to help prevent an attacker from discovering information that might be used to attack the rail system.
The boy, who was described as a brilliant student by those who knew him, claimed he had done it as a “prank.” It’s no surprise that many young teens have a cavalier attitude regarding the safety of the “pranks” they undertake. But this latest incident perhaps underscores the fact that with more critical systems being controlled by computers or remote communication, and more children becoming well-versed in technology, the possibility for deadly pranks may increase.
Of course, it is critical that systems be defended against more serious assailants as well as curious children. Unfortunately, the media coverage of this event does not seem to be critical at all of the lax or nonexistent security measures that led to the system being compromised by a 14-year-old boy. In addition to simply punishing the youth for his irresponsible actions in risking the safety of many railway passengers, there should be considerably more focus on physical and informational security in rail systems, considering their vital role in transporting both goods and people. When rail switches can be manipulated remotely by an attacker with a little espionage and some electronics knowledge, clearly something is lacking.