A trio of Russian hackers say core flaws in rail networks are opening trains to hijacking and derailment and have published dozens of hardcoded industrial control system credentials to kick vendors into action.
Industrial control specialist hackers Sergey Gordeychik, Aleksandr Timorin, and Gleb Gritsai did not describe the bugs in detail, since that would allow others to replicate the attacks nor reveal the names of the affected rail operators.
Flaws affect various systems including mobile communication and interlocking platforms that control braking and help prevent collisions.
There are also possible paths between trains’ operational systems and passenger entertainment systems, they say.
Original Source: The Register
View the full story here