Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency brake. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially: https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-10
Disclosure timeline is on X/Twitter: reported in 2012, but no real response because it was considered theoretical. They weren't given access to a train's test track facility, so impossible to confirm ethically in practice. Devices now considered end of life. Replacement is maybe here in 2027.
@vanhoefm oh yippee just like in Poland

@reay @vanhoefm @middleclasstool

Here's the kicker... you *know* this isn't the only stupid protocol like this out there. When things "just work" we forget about them and move on. We can't do that any more. We need to go back and verify the security of our systems, particularly older, legacy systems that impact infrastructure ... because the bad guys are already doing this.

@FirewallDragons @vanhoefm @middleclasstool Absolutely. And of course, to that point, if this is what the public is hearing, the bad guys have known about it far longer.
@vanhoefm ok now do remote control locomotives, lmao