A recent revelation sheds light on the shockingly simple manipulation of trains’ emergency systems using easily accessible radio equipment. Independent cybersecurity researcher and consultant, Lukasz Olejnik, uncovered this concerning vulnerability.
Hackers carried out an illicit intrusion into the radio signals, targeting trains in Poland’s north-western Zachodniopomorskie province on Saturday night. Polish State Railways (PKP) and the state-operated Polish Press Agency (PPA) reported the incident.
The hackers manipulated multiple stop signals without authorization, causing about 20 trains to halt. This resulted in significant delays and interruptions. In a bold move, the hackers also broadcasted Russia’s national anthem and a speech by Russian President Vladimir Putin, as BBC reports indicated.
Earlier that week, a freight train and a regional passenger train had a minor collision, and an inter-city train derailed in the northeastern part of Poland.
PKP assured that passengers were unharmed, and services resumed a few hours later.
Following the incident, Polish intelligence agencies began investigating the possibility of sabotage.
Stanislaw Zaryn, deputy coordinator of these intelligence services, told PPA that Russia and Belarus had been making documented attempts for months to destabilize the Polish state.
Upon receiving the unauthorized radio-stop signals, train operators took 1-7 minutes to confirm with rail traffic controllers that there was no imminent danger. Afterward, they resumed their journeys.
In a related development, AFP reported that two suspects, aged 24 and 29 and both Polish citizens, were apprehended in the eastern city of Bialystok. These individuals allegedly engaged in illegal hacking of the national railway’s communication network, causing disruptions to traffic flow. Polish authorities also seized radio equipment from their residence.
Poland plays a significant role in facilitating the transit of Western weaponry to Ukraine. This year, Poland’s internal security service ABW detained individuals linked to an alleged Russian espionage network. These detainees supposedly had assignments related to railway sabotage and interfering with supply chains.
Radio Transmitters as Cyber Weapons
Hackers used railway frequencies for a signal that made the trains start emergency stopping.
A simple and low-cost radio transmitter can replicate a radio command. In Poland, the railway network uses an analog VHF 150 MHz system to communicate. The country is shifting to a newer encrypted digital option, the GSM-R system, which should be done by late 2024. Unlike analog radio systems, the analog system lacks encryption or authentication.
Lukasz Olejnik, an independent cybersecurity researcher and consultant fluent in Polish, and the upcoming author of “Philosophy of Cybersecurity,” told Wired that the hackers had to send three acoustic tones at a 150.100 megahertz frequency. This made the train’s emergency stop function activate.
My comment in @WIRED about sabotage disrupting railways in Poland. Radio emission brings trains to a halt in several places. Who's behind unclear. Executing this sabotage is technically simple (I explain), though requires proximity. Solution: move to GSM-R https://t.co/hkasTop0uq pic.twitter.com/KjFnTMFNek
— Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) (@lukOlejnik) August 27, 2023
He said anyone could achieve this easily since the frequencies and tones are common knowledge, the equipment isn’t costly, and instructional YouTube videos and discussions on railway forums detail the process.
Radio’s first use in controlling trains dates to the early 20th century.
