A cheap radio hack disrupted Poland's railway system

171 点作者 xrayarx超过 1 年前

13 条评论

oatmeal1超过 1 年前

The world is astoundingly safe that these sorts of thing don't happen all the time. Anyone who could light a cigarette could start wildfires all over California and many other places during the summer. Anyone who can buy a GPS jammer could disrupt one of the busiest airports in the world. With all the misanthropes out there you'd think chaos would happen more often. Glad it doesn't.

评论 #37313821 未加载

评论 #37315029 未加载

评论 #37315064 未加载

评论 #37315941 未加载

评论 #37314876 未加载

评论 #37313600 未加载

评论 #37319061 未加载

评论 #37313650 未加载

评论 #37319740 未加载

Animats超过 1 年前

This is a problem. You don't want an emergency stop signal to be ignored because somebody didn't update their encryption keys. And it's very useful for railroad workers to be provided with handhelds that can send an emergency stop signal. Here's one used in the US.[1] This is for yard operations, where there's slow-speed (the US limit is 20mph) traffic going in various directions without full signal control. Outside the "yard limit", signals control, and speeds are higher.If you have no idea what a railroad yard working environment is like, here's a Union Pacific recruiting video.[2] They're up-front about what you're getting into; the intro shows someone at 5:48 AM in a snowstorm in a railyard in Chicago.[1] <a href="https://railserve.biz/react-safety-device/" rel="nofollow noreferrer">https://railserve.biz/react-safety-device/</a>[2] <a href="https://www.youtube.com/watch?v=lMViWazEYoc">https://www.youtube.com/watch?v=lMViWazEYoc</a>

评论 #37318069 未加载

评论 #37315569 未加载

praptak超过 1 年前

This hack is publicly known since at least 2010, here's a police note about the earliest case I found (in Polish): <a href="https://policja.pl/pol/aktualnosci/56015,quotRadioamatorquot-zatrzymywal-pociagi.html" rel="nofollow noreferrer">https://policja.pl/pol/aktualnosci/56015,quotRadioamatorquot...</a>

评论 #37318498 未加载

0xA43超过 1 年前

I've tried to translate the article on the one and only polish offensive cybersec site in case if you want to learn more<a href="https://telegra.ph/How-easy-is-it-to-paralyze-the-Polish-railroad-Lets-find-out-08-28" rel="nofollow noreferrer">https://telegra.ph/How-easy-is-it-to-paralyze-the-Polish-rai...</a>

评论 #37316980 未加载

smilespray超过 1 年前

Could you effectively perform this hack from a satellite or an aircraft? 150 MHz should propagate quite a distance given line of sight.

评论 #37312804 未加载

评论 #37315201 未加载

xnzakg超过 1 年前

<a href="https://archive.is/vXAEb" rel="nofollow noreferrer">https://archive.is/vXAEb</a>

burtekd超过 1 年前

It's not a hack. It's just sending a well-known three tones sequence on given frequency.

评论 #37318621 未加载

jakozaur超过 1 年前

Poland needs to upgrade rail systems, there were plans years ago, but it was costly and postponed. Unfortunately, the radio-stop works well and it's reliable.Now with around 80% of military equipment to Ukraine is transported through Poland, those vulnerabilities are going to be exploited.Russia already run remotely groups though encrypted messages and crypto payments:<a href="https://www.washingtonpost.com/world/2023/08/18/ukraine-weapons-sabotage-gru-poland/" rel="nofollow noreferrer">https://www.washingtonpost.com/world/2023/08/18/ukraine-weap...</a>The aim is to do some diversion or disinformation. There were many instances of producing fake news or misrepresent about some events. Please do your part and refrain from sharing those news about Poland without double checking sources.Unfortunately, some "news" were picked by mainstream media, even though they could not find any evidence behind that (e.g. turning back non-white people on Poland-Ukrainian border by Polish officials).

评论 #37322549 未加载

nimbius超过 1 年前

True story some amateur radio hams managed to nearly torch our shops substation relay with radios.Basically our main transformer switchgear was opening and closing on its own every few minutes. We run a diesel truck repair company and it was killing everything from the front office to the air compressors and anything in between. The electric company told us there's an ultra low frequency "DX" the hams sometimes get into that their own power lines use to communicate with substations. Pretty silly. We lost the air conditioner and the boombox that year.

评论 #37317638 未加载

评论 #37318995 未加载

PM_me_your_math超过 1 年前

I like how they give you the frequency so you can try it yourself.

toomuchtodo超过 1 年前

Previous: <a href="https://news.ycombinator.com/item?id=37288856">https://news.ycombinator.com/item?id=37288856</a>

fnord77超过 1 年前

why aren't hack sabotages seen as acts of war?they can do as much or more damage as, say, blowing up a bridge

评论 #37314489 未加载

评论 #37315252 未加载

评论 #37318420 未加载

评论 #37313367 未加载

评论 #37318479 未加载

评论 #37313381 未加载

toss1超过 1 年前

>>Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train—sending a series of three acoustic tones at a 150.100 megahertz frequency—and trigger their emergency stop function.Goes without saying here that this needs to be fixed ASAP.>>The railway agency wrote that “there is no threat to rail passengers. The result of this event is only difficulties in the running of trains.”There is no threat to rail passengers, unless a passenger train does not know about a stopped train ahead of it on the tracks, e.g., a cargo train go stopped by the hack, but the passenger train 10min behind it did not and continues to rush onward towards the stopped cargo train. IDK if Poland's control system would reliably detects these conditions, but if it does not with 100% reliability, this is a real threat.

评论 #37313092 未加载

评论 #37313089 未加载

评论 #37313314 未加载