Report: Train systems susceptible to DoS attacks

German professor claims increasing use of wireless tech for communications between trains and rail switches opens opportunity for denial-of-service attacks against train systems.

Modern train systems that use wireless technology for communications between trains and switches can be susceptible to the same denial-of-service (DoS) vulnerabilities and attacks as those in the Web environment.

A report by Reuters Wednesday cited Stefan Katzenbeisser, professor at Technische Universität Darmstadt in Germany, as saying that switching systems were at risk of DoS attacks that could lead to "long disruptions to rail services".

"Trains could not crash, but service could be disrupted for quite some time," he told Reuters.

The report noted that while train switching systems, which enable trains to be guided from one track to another at a railway junction, used to be impervious to such threats, the communication between trains and switches is increasingly being handled by wireless technology.

Katzenbeisser added that GSM-R, a mobile tech designed for trains, is more secure than the usual GSM system used for consumer mobile phones, which have been shown to be prone to hacking.

The professor added that software encryption "keys", needed for securing the communication between trains and switching systems, could be a weak security link because these keys are downloaded to physical media such as USB sticks, and then circulated among employees for installing. This, thus, increases the risk of them falling into the wrong hands, he explained.

"Probably we will be safe on that side in coming years," Katzenbeisser noted. "The main problem I see is a process of changing...keys. This will be a big issue in the future, how to manage these keys safely."