A report published in The Register says that Russian
hackers claim to have found flaws in rail networks that would allow crooks to
hijack and derail trains.
The flaws reportedly affect various systems including mobile
communication and interlocking platforms that control braking and help prevent
collisions.
“Industrial control specialist hackers Sergey Gordeychik,
Aleksandr Timorin, and Gleb Gritsai did not describe the bugs in detail, since
that would allow others to replicate the attacks, nor reveal the names of the
affected rail operators,” the report reads.
According to the report, "If somebody can attack the
modem, the modem can attack the automatic train control system, and they can
control the train," Gordeychik says.
The danger is that such flaws expose physical systems
like power grids, dams, and trains to unauthorized external modification in
ways largely unknown to those outside of the security industry.
Human programming errors were reportedly responsible
for various remote code execution holes which could affect interlocking
systems.
"We are releasing the list to force vendors to not use
hardcoded and default passwords," an irritated Gordeychik says.
The Register report says that the attack vectors against computer-based
interlocking include attacks against workstations, attacks against networking
gateways that connect interlocking to the rest of the world, and attacks
against communications between the CPU and object controllers and wayside
devices.