Loco Motives? Hacker Attacks Could Derail Train Cybersecurity, Researchers Say

It’s hard to argue with efficiency in tech or transportation. Despite the availability of air freight and commercial trucking services, trains stand out as both efficient and cost-effective when it comes to moving large quantities of material goods.

According to SecurityWeek, however, the supervisory control and data acquisition network (SCADA) systems used by many rail companies are vulnerable to hacker attacks, paving the way for a kind of cyber train robbery. But are cybercriminals really motivated to follow this track? And if so, what’s the impact for SCADA solutions at large?

Scary SCADA?

SCADA systems are an integral part of many enterprise systems, primarily in the energy generation and manufacturing sector. Historically, these systems have been good enough to secure critical components since money-motivated hacking groups had very little to gain by messing with power grids or impacting oil production.

The rise of nation-sponsored and ideologue-based hacktivism, however, has changed the game. Now, malicious actors may target these facilities in an attempt to drive political change or because they’re being paid by groups with specific global or national agendas. As noted by BizTech, the energy sector now faces the legacy of poorly secured SCADA systems and is playing catch-up as it hunts down specific — and often critical — vulnerabilities.

But energy companies aren’t the only ones using SCADA. Manufacturing firms often leverage these systems to keep track of production timelines and maintenance issues, while rail companies use SCADA to manage traffic control, crossing protection and switching yard automation. Just like their energy counterparts, these systems are vulnerable to hacker attacks under the right conditions.

Digital Divide Leads to Hacker Attacks

The basic principles of train operation haven’t changed. Steel wheels still roll on tracks, driven by enormous engines with a single purpose: pull. As noted by the SecurityWeek piece, however, the back-end infrastructure supporting this aim has evolved significantly. Digitally controlled signals have replaced human-operated points, while electronic passenger protection and information systems have made both occupying and operating trains a much safer, more enjoyable experience.

According to Popular Science, however, a team of researchers from German security firm SCADA Strangelove has spent the last three years working with train companies across the globe to assess SCADA flaws. The results? These systems are not OK.

At the 32nd Chaos Communications Conference (32C3), the research team rolled out a new paper titled “The Great Train Cyber Robbery.” It found a number of high-level security and safety issues: For example, some digital train switches need constant Internet access. If the signal is lost, trains automatically stop. A few systems also use default passwords on admin accounts even for high-level functions.

SCADA Strangelove went into more detail. Consider the use of WinAC RTX controllers as part of train protection systems by many European companies. It’s possible to control these devices without authentication or to use XML over HTTP to create malicious modification tools for the device. Hacking computer-based interlocking (CBI) systems, meanwhile, gives malicious actors the ability to control train routes and schedules, in turn allowing them to ransom back control or attempt to force a crash.

There’s also the problem of passwords. In addition to keeping admin passwords intact, the research team found that password data was often publicly available. One U.K. documentary about the country’s rail system included a shot that captured login details written on a post-it note. Even in cases where technology is secure, such as SIM cards, it’s possible for hacker attacks to take place using a GSM jammer, which would disrupt communications between trains and their control stations.

Real-World Problems?

The SCADA Strangelove researchers admit that in many cases, these hacks would require intimate knowledge of the SCADA system or the help of someone on the inside, either as a malicious accomplice or an inadvertent insider through the use of social engineering.

As noted by Fortune, however, the idea of hacked trains isn’t exactly far-fetched. In early December 2015, a Massachusetts Bay Transportation Authority (MBTA) train departed without an operator and coasted through four stations before coming to a stop. While no details have been released on exactly what caused the issue, the specter of hacking has already emerged, and with thousands of commuters riding the MBTA each day, digital vulnerabilities could have serious physical impact.

Bottom line? Hacker motives are changing. It’s no longer about the quick smash-and-grab; many malicious actors are looking for ways to wreak real havoc or acting on the instructions of a politically motivated nation-state. And what motivates governments and large corporations to change their ways? Infrastructure threats. With SCADA systems acting as an integral part of everything from energy to manufacturing and transportation, it’s no surprise that cybercriminals are learning to leverage vulnerabilities and discover just what kind of damage they can cause.

This isn’t a runaway freight train situation just yet. With proper monitoring, better detection and a realization that most existing systems aren’t up to the challenge, it’s possible to get SCADA back on track.

Learn more: Read the IBM Research Report on Critical Infrastructure

Douglas Bonderud

Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and...