Joke’s on them, 50% of the brakes don’t work.
This vulnerability would have to trigger the airbrakes, which every single railcar has, and every car’s airbrakes are daisy chained together. Airbrakes are failsafe, in that any loss of pressure results in brake application, and a full loss of pressure means full application. So if just one car on the train has a problem with its brake lines, the whole train is stopping whether the railroad likes it or not
As long as it’s also ignored by hacker you should be fine.
Considering how much rail regulations and budgets have been slashed in the past few years, we will probably end up using it as a feature. Safety hackers will need to make sure trains stop on the correct place/time, because there are only 1-2 employees for a 300 car train.
Or alternatively, tune in and subscribe for ‘Twitch Drives a Cargo Train!’
I may be misremembering, but wasn’t there a thing
103 years ago or so where trains were randomly stopping somewhere in Europe. And I think it turned out to be a remote shutdown from the manufacturer (according to independent investigators. The manufacturer maintains that hackers added that code to their software) due to 3rd party replacement partsor an unrenewed service contract or some other anticompetitive behavior.Edit: Jiminy Cricket! It feels like it’s been 10 years. https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/
It was in Poland but in Poland you can still stop trains with radio signal of a specific frequency. No encryption, no validation. Anyone with a hobbyist level radio equipment can stop freight trains. And they do. Train operators usually just call the station, confirm that it’s a prank and 5 minutes later start again.
https://www.wired.com/story/poland-train-radio-stop-attack/
Poland’s national transportation agency has stated its intention to upgrade Poland’s railway systems by 2025 to use almost exclusively GSM cellular radios, which do have encryption and authentication. But until then, it will continue to use the relatively unprotected VHF 150 MHz system that allows the radio-stop commands to be spoofed.
If I were the leader of Putin’s military, I would make a purchase of hazardous materials that are to be simultaneously transported throughout America. From there, a hacking operation to derail their transports at key locations while in transit. East Palestine x1,000+.
Considering that the Trump Regime is fully in Putin’s pocket, this sort of thing would go completely unopposed and utterly cripple America’s train network for a decade.
…seriously, this vulnerability can seriously fuck up my nation. 🤕
Are we talking fediveese hackers? You know, the socialist-furries-with-UNIX-socks hackers?
Those folks hate cars, not trains. I don’t think we need to worry.
Yeah, but train yard sys admins are furries too (duh), maybe this is just a harmless place for their courtship rituals - train admins know the fediverse furries won’t cause some insane immoral damage, so they don’t patch their Win95 systems, so they just wait for the hack & that’s when they slip into their DMs (like an ASCII fancy socks pic or something).
I guess this vulnerability has been ignored for years, because hackers also ignored it for years.
There’s not a lot you can gain from this kind of vulnerability.
The only hackers skilled enough to pull this off also happen to have thing for trains.
Wow, just something like 1200 baud FSK on 70cm. That’s stupid simple, and stupid. They could use cellular modems (the locomotives already have one, normally) or LoRaWAN or…anything without even trying and it would be an improvement.
They could use cellular modems (the locomotives already have one, normally) or LoRaWAN
The answer to a hyper-localized security issue isn’t attaching the equipment to an insecure network nor is it shifting to use insecure IoT type devices.
If you have rail standards of the 21st century cellular is absolutely what you should be using for rail see: GSM-R . Apparently the DOT is even looking at this.
Now you’d need to build cellular infrastructure along your lines for that system. US rail owners are terminally uninterested in building or maintaining rail infrastructure so that’s not particularly likely to happen unless mandated.
But $!
For that one guy.
Outweighs the safety of a nation.
Don’t you get it yet? You don’t live in a society, you live in capitalism.
I just had an idea for a movie.
I’ve had it with these motherfucking brakes on this motherfucking train.
Cyberpunk train robberies.
Why not?
The economy is crashing, we’ll just return to our Wild West roots, with a modern twist.
Not robberies of people, of course, the vast majority of American rail transit is logistics, moving stuff.
Why rip the copper wires out of an abandoned house or office when you could just get some guys with pickup trucks and get it from the source?
I’m all for it. The social contract was ripped in half a century and half ago. I’m ready AF, I saw this shit coming and prepared, I can live off the land like a motherfucker, and I already don’t own shit.
You got a house, a car, a dog, a family to provide for? Yeah, you drank the koolaid and when the shit hits the fan you’re all gonna die. I can’t fucking wait to see this shit come crashing down- you all pumped money into it, now eat the consequences.
There is no fix. The mitigation is to buy a new train.
Yeah like our profit motivated CEOs will make the capital investment to buy a brand new train instead of lobbying to lower safety standards and regional regulations.
I heard about metro trains getting bricked after 3rd party repairs. This makes it sound like freight trains but it paywalls quickly.
On Polish Railway such signal is a well documented safety feature, and the police was quite successful hunting down morons who abused it last year.
‘You wouldn’t download an emergency train brake button (that is still functionally connected to the train you didn’t download)’
Sounds like a useful tool for any revolutionaries out there.
