Russian Hackers Warn EU Trains Are Vulnerable to Hijack

Operational high-speed lines in Europe 2015.

A group of Russian hackers has exposed gaping holes in the computer systems that control train networks across Europe, claiming the vulnerabilities could allow attackers to cause devastating derailments or hijackings.

Bugs in outdated systems and human programming errors have been identified as alarming weak points by a trio of industrial control specialist hackers, who say other hackers could exploit them to do things such as control braking systems, or could even hijack a train.

The Register explains that overlooked bugs in device drivers can be exploited by clever hackers: "If somebody can attack the modem, the modem can attack the automatic train control system, and they can control the train," said Sergey Gordeychik, who helped discover the flaw.

Along with Gordeychik, Aleksandr Timorin and Gleb Gritsai were integral to the discovery, and all three were frustrated by simple vulnerabilities that result from decades-old control systems. They unveiled their findings at the December Chaos Communication Congress in Hamburg in the hope that vendors will fix the problems. However, they did not share any explicit details of the vulnerabilities, the names of rail vendors or the countries they operate in, for fear that doing so would encourage attacks.

Mind the hack
Should hackers be able to infiltrate an operator's antiquated control system, they may struggle to use it anyway, as some systems require special training, but the article explains that plenty of documentation can be found online to help hackers access programmable logic controllers and servers.

Many rail operators use a connected system of trains, ticket systems and stations, which poses a high-risk threat to safety, as well as the untold chaos that could follow should it be exploited by malicious hackers.

"The first threat is to safety, or cyber-physical ... the second is economic threats to impact efficiency and revenue, and the third is threats to reliability," said Gordeychik.

The three hackers have released their findings to vulnerable vendors to force them to stop using easily cracked hard-coded or default passwords in their systems. They say operators, who still remain nameless, are now aware of the worrying weaknesses and are working to fix the issues.

IB Times: http://bit.ly/1Srnxqt
