One Kid With A Radio Toy Stopped Three Bullet Trains. I Need A Nap.

I want you to understand something. I have been awake since yesterday. My third coffee went cold an hour ago. I have fourteen open tickets. And I just read that a student, with hobby radio equipment, grounded three bullet trains in Taiwan for nearly an hour and triggered a full anti-terrorism response.

A student. With a radio. That he was experimenting with.

I need you to sit with that for a second.

This wasn't a Wolf with nation-state backing and a zero-day. There was no hole in the fence carved by some elite coyote collective. This was a lamb, presumably in a dorm room, poking at software-defined radio technology and accidentally yelling "STOP" at three high-speed trains doing several hundred kilometers per hour.

They stopped. The trains just... stopped. For fifty-seven minutes.

The rail authority scrambled an anti-terrorism response. Counter-terrorism units. For a kid with a USB dongle and too much free time. I genuinely cannot tell if this is hilarious or if I should just turn off the lights and go lie down in a field somewhere.

Here is the actual problem, and I will say it plainly because I am too tired to be subtle: critical rail infrastructure was apparently listening to unvalidated radio signals with the credulity of a lamb who just received fake grain from an unknown sender. No authentication. No signal verification worth mentioning. The electric fence around these systems was apparently decorative.

The Shepherds, naturally, are "reviewing their protocols." Wonderful. Groundbreaking. I'm sure a strongly worded memo will fix the gaping hole in the wireless command architecture.

The student was not malicious. He was curious. Imagine if he had been.

I don't have to imagine. That's the part that's keeping me awake. Well. That and the fourteen tickets.

Remediation

Look, the fixes here aren't even exotic. They're just embarrassing not to have already:

For Rail Operators and OT Environments Generally:

  • Authenticate your command signals. If your train stops for anyone with a $30 USB radio, you have a design philosophy problem, not just a gap.
  • Implement signal validation and cryptographic authentication on safety-critical wireless communications. This is not a new idea.
  • Conduct RF threat modeling. Someone should have asked "what happens if someone broadcasts on our frequency" before deploying the system, not after the trains stopped.
  • Segment your OT networks from anything a curious lamb with a laptop could reach, physically or wirelessly.
  • Run red team exercises that include radio frequency attack scenarios. Hire a wolf. A controlled one.
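To make the first two bullets concrete, here is a small added illustration written for this post (not code from the rail operator, the report, or any real signalling standard; the frame layout, the pre-shared HMAC-SHA256 key and the monotonic counter are all assumptions): a receiver that obeys any well-formed STOP beside one that checks an authentication tag and rejects replays.

```python
import hashlib
import hmac
import struct

# Constructed wire format (assumption, not a real rail protocol):
#   2 bytes train id | 4 bytes sequence counter | 1 byte command | 16-byte truncated HMAC-SHA256 tag
STOP, PROCEED = 0x01, 0x02
HEADER = struct.Struct(">HIB")   # big-endian: train id, counter, command
TAG_LEN = 16

def build_frame(key: bytes, train_id: int, seq: int, command: int) -> bytes:
    """Sender side: bind the header to a pre-shared key with HMAC-SHA256."""
    header = HEADER.pack(train_id, seq, command)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag

def naive_receiver(frame: bytes) -> str:
    """The failure mode in the post: any well-formed STOP is obeyed, whoever sent it."""
    _, _, command = HEADER.unpack_from(frame)
    return "STOP" if command == STOP else "PROCEED"

class AuthenticatedReceiver:
    """Hardened form: verify the tag first, then enforce a strictly increasing counter."""
    def __init__(self, key: bytes, train_id: int):
        self.key, self.train_id, self.last_seq = key, train_id, 0

    def handle(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + TAG_LEN:
            return "REJECT: malformed"
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "REJECT: bad tag"            # unknown sender or tampered frame
        train_id, seq, command = HEADER.unpack(header)
        if train_id != self.train_id:
            return "REJECT: wrong train"
        if seq <= self.last_seq:
            return "REJECT: replay"             # a recorded frame played back later
        self.last_seq = seq
        return "STOP" if command == STOP else "PROCEED"

# Constructed sample traffic: one legitimate STOP, one STOP from a sender without the key
KEY = b"constructed-demo-key-not-for-production"
legit = build_frame(KEY, 0x0101, 1, STOP)
forged = build_frame(b"wrong-key", 0x0101, 2, STOP)

def demo() -> dict:
    rx = AuthenticatedReceiver(KEY, 0x0101)
    return {"naive_forged": naive_receiver(forged),   # "STOP": the trains stop
            "auth_forged": rx.handle(forged),         # "REJECT: bad tag"
            "auth_legit": rx.handle(legit),           # "STOP"
            "auth_replay": rx.handle(legit)}          # "REJECT: replay"
```

The tag check alone does not stop someone who recorded a genuine STOP and plays it back, which is why the counter check is part of the receiver and not optional.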

The Shepherds should probably also stop waiting for incidents to care about this stuff, but I've been saying that for six years and I'm still here writing blog posts at 2am, so.

Go drink some water. Not me though, I'm having another coffee.

Original Report: https://www.darkreading.com/ics-ot-security/taiwan-incident-highlights-cybersecurity-gaps