Recently, Poland’s railway system has been disrupted by saboteurs who appear to be acting in support of Russia. More than 20 trains carrying both freight and passengers were halted across Poland. The attacks are significant because Poland’s railway system is a crucial transit infrastructure for NATO in its support of Ukraine. The saboteurs used a simple yet effective method: spoofing a radio command that triggers the trains’ emergency stop function. They interspersed these commands with the Russian national anthem and parts of a speech by Russian President Vladimir Putin.
According to Lukasz Olejnik, an independent cybersecurity researcher, the attack didn’t involve any sophisticated hacking but exploited a vulnerability in the trains’ radio system. The system lacks encryption or authentication for emergency stop commands, allowing anyone with basic radio equipment worth as little as $30 to halt a train. Olejnik pointed out that this vulnerability has been discussed in Polish forums and on YouTube for years.
Poland’s national transportation agency plans to upgrade the railway systems by 2025 to use GSM cellular radios with encryption and authentication. Until then, the current VHF 150 MHz system remains susceptible to such attacks. The only limitation for the saboteurs is the need to be in close proximity to the target trains.
While no injuries or damages were reported, the disruptions have raised concerns about the security of Poland’s railway system, especially given its role in aiding Ukraine against Russia’s invasion. Olejnik warns that the simplicity of the attack should not lead to underestimating its potential impact, as it highlights the vulnerabilities in critical infrastructure.
Source: Wired
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.