The Cheap Radio Hack That Disrupted Poland's Railway System

Apparent backers of Russia disrupted more than 20 trains in Poland with a simple “radio stop” command that anyone could broadcast with a $30 device.

Since Ukraine and Russia first went to war in 2014, Russian hackers have sometimes used some of the most sophisticated hacking techniques ever seen to take down Ukrainian networks, disrupt the country’s satellite communications and even cause blackouts for hundreds of thousands of Ukrainian citizens. But the mysterious saboteurs who disrupted Poland’s railway system (a main transport route for NATO-backed Ukraine) over the past two days appear to have used a far less impressive technical trick: getting trains to trigger their emergency stop feature with a simple radio command.

More than 20 freight and passenger trains across Poland were brought to a halt on Friday and Saturday in what Polish media and the BBC called a “cyber attack”. Polish intelligence is investigating the sabotage, which appears to have been carried out in support of Russia. The commands to stop the trains were reportedly interspersed with the Russian national anthem and part of a speech by Russian President Vladimir Putin.

After all, Poland’s rail system has been a major conduit for Western arms and other aid flowing into Ukraine as NATO seeks to bolster Ukraine’s defenses against Russian aggression. “We know that for several months there have been attempts to destabilize the Polish state,” Stanislaw Zaryn, a senior security official, told the Polish news agency. “At the moment, we are not ruling out any possibility.”

But Lukasz Olejnik, an independent Polish-speaking cybersecurity researcher, consultant and author of the upcoming book Cybersecurity Philosophy, said that despite the devastating nature of the rail sabotage, on closer inspection the “cyber attack” does not appear to have involved any “network” at all. In fact, the saboteurs appear to have sent a simple so-called “radio stop” command via radio frequency to the trains they were targeting. Olejnik said that because the radio system used by the trains lacks encryption or authentication of these commands, anyone with $30 off-the-shelf radio equipment could broadcast the command to a Polish train, on the 150.100 MHz frequency, and trigger its emergency stop function.

“It’s a three-tone message sent in succession. As soon as the radio equipment picks it up, the locomotive stops,” said Olejnik, pointing to a document outlining the different technical standards for trains in the European Union, which describes the “radio stop” command. In fact, Olejnik said the ability to send the command has been described for years on Polish radio stations and train forums, as well as on YouTube. “Anyone can do it. Even teenagers are doing pranks. The frequencies are known. The tones are known. The equipment is cheap.”

Poland’s national transport agency has said it intends to upgrade Poland’s rail system by 2025 to use almost exclusively GSM cellular radios, which do feature encryption and authentication. Until then, though, it will continue to use the relatively unprotected VHF 150 MHz system, which allows spoofing of “radio stop” commands.
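The difference between a receiver that obeys any well-formed stop command and one that authenticates commands can be sketched in a few lines. This is an added illustration, not code from the article or from any railway system: the frame layout, key, command code and function names are hypothetical, and it models neither the VHF tone signal nor GSM's actual mechanisms.

```python
import hashlib
import hmac
import struct

DEMO_KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
STOP = 0x01                          # hypothetical command code
BODY = struct.Struct(">BHQ")         # command, sender id, message counter
TAG_LEN = 16


def legacy_receiver(frame: bytes) -> bool:
    """Unauthenticated receiver: obeys any frame that starts with STOP."""
    return frame[:1] == bytes([STOP])


def make_frame(key: bytes, sender_id: int, counter: int, command: int = STOP) -> bytes:
    """Build a command frame followed by a truncated HMAC-SHA256 tag."""
    body = BODY.pack(command, sender_id, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class AuthenticatedReceiver:
    """Accepts a stop command only if its tag verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # sender id -> highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) != BODY.size + TAG_LEN:
            return False
        body, tag = frame[:BODY.size], frame[BODY.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        command, sender_id, counter = BODY.unpack(body)
        if counter <= self.last_counter.get(sender_id, -1):
            return False                      # recorded frame played back
        self.last_counter[sender_id] = counter
        return command == STOP


def demo() -> dict:
    rx = AuthenticatedReceiver(DEMO_KEY)
    genuine = make_frame(DEMO_KEY, sender_id=7, counter=1)
    forged = make_frame(b"wrong-key", sender_id=7, counter=2)
    return {
        "legacy_obeys_forged": legacy_receiver(forged),
        "auth_accepts_genuine": rx.accept(genuine),
        "auth_rejects_forged": not rx.accept(forged),
        "auth_rejects_replay": not rx.accept(genuine),
    }
```

The counter check matters as much as the tag: without it, a frame recorded off the air once could simply be retransmitted later.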

The only real limitation of a radio attack that disables a train, Olejnik said, is that the saboteurs have to be relatively close to the target train, anywhere from hundreds of feet to miles, depending on the power of the radio equipment they’re using to carry out the disruption. (Olejnik is careful to point out that he has not tested the attack himself.) Given that the outage appears to have occurred in three different administrative regions across the country, having the device close enough to all the targeted trains is probably the biggest challenge the saboteurs faced. “It’s really an inexpensive operation,” Olejnik said. “The biggest risk is the need to be close.”

Polish State Railways did not immediately respond to WIRED’s request for comment, but a statement from the Railway Bureau noted that the disruption to the trains was caused by “an unauthorized broadcast of a stop signal by an unidentified perpetrator via wireless telephone.” “All trains with radios operating on the given frequency will stop immediately upon receipt of the radio stop signal,” the statement added.

Despite these automatic emergency stops, the railway agency wrote, “No danger was threatened to the railway passengers. The result of the incident was only difficulty in the operation of the train.” The Polish News Agency reported that there were no casualties or property damage in the radio sabotage operation.

If Russia or its supporters did disrupt the Ukrainian ally’s rail system, the operation would not be unprecedented. In fact, Belarusian dissident hackers known as “cyber guerrillas” launched a rare political ransomware attack on the Belarusian Railways IT network in January 2022 to protest Belarus’ support for the Russian military, in an attempt to stop Belarus from taking part in the invasion that happened just a month later.

This breach of the Polish railway system does not appear to have required any such ransomware, or even any infiltration of digital networks. But Olejnik warned that the simplicity of the attack should not lead anyone to underestimate its impact, which is likely to continue to play out given the difficulty of stopping a radio attack on Polish trains’ unauthenticated communications systems.

“When you become a center of support for war-torn Ukraine, you really are a target,” Olejnik said. “The low hanging fruit is always the best approach.”

Additional reporting by Lily Hay Newman.
