this post was submitted on 15 Jul 2025
441 points (99.3% liked)

News

31031 readers
5033 users here now

Welcome to the News community!

Rules:

1. Be civil

Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.

2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.

Obvious right or left wing sources will be removed at the mods discretion. Supporting links can be added in comments or posted seperately but not to the post body.

3. No bots, spam or self-promotion.

Only approved bots, which follow the guidelines for bots set by the instance, are allowed.

4. Post titles should be the same as the article used as source.

Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.

5. Only recent news is allowed.

Posts must be news from the most recent 30 days.

6. All posts must be news articles.

No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.

7. No duplicate posts.

If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.

8. Misinformation is prohibited.

Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.

9. No link shorteners.

The auto mod will contact you if a link shortener is detected, please delete your post if they are right.

10. Don't copy entire article in your post body

For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 2 years ago
MODERATORS
rjc@lemmy.world
Thekingoflorda@lemmy.world
Tenthrow@lemmy.world
JonsJava@lemmy.world
gedaliyah@lemmy.world
little_cow@lemmy.world
jeffw@lemmy.world
enu@lemmy.world
jordanlund@lemmy.world
441
Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years (www.404media.co)
submitted 2 days ago by RegularJoe@lemmy.world to c/news@lemmy.world
49 comments fedilink hide all child comments
top 49 comments
sorted by: hot top controversial new old
[–] SabinStargem 7 points 1 day ago

If I were the leader of Putin's military, I would make a purchase of hazardous materials that are to be simultaneously transported throughout America. From there, a hacking operation to derail their transports at key locations while in transit. East Palestine x1,000+.

Considering that the Trump Regime is fully in Putin's pocket, this sort of thing would go completely unopposed and utterly cripple America's train network for a decade.

...seriously, this vulnerability can seriously fuck up my nation. 🤕

[–] riskable@programming.dev 77 points 2 days ago (8 children)

Everyone's joking but this is a serious problem. Imagine you're a billionaire and someone wants to assassinate you. The would-be assassin could figure out when you have a doctor's appointment (or similar) and force a train to get stuck, blocking their route.

It would leave the billionaire stuck in traffic with no escape until the train(s) started moving again. An entire cavalcade of security personnel would also be stuck (if they had one).

Aside: It could also work for robbing something like a Brinks truck but let's be honest: In this dystopian world it's more likely that this vulnerability would be used to rob a food shipment 🙄

[–] Blackmist@feddit.uk 3 points 1 day ago

Imagine being so poor you're driven to a doctor's appointment rather that having them come to you.

[–] joyjoy@lemmy.zip 27 points 2 days ago (1 children)

I can finally enact my Red Dead Redemption 2 fantasy and rob a train.

[–] riskable@programming.dev 25 points 2 days ago (4 children)

Yeah! Go for it!

I'm curious to see how you'll haul away 19,600 gallons of corn syrup, 3,900 bushels of grain, 100 tons of random auto parts, 80 tons of paper reams, 70 tons of logs, 13,000 gallons of ammonia (or other dangerous chemicals), and the various other things that typically get shipped via rail these days.

You might get lucky and find a boxcar full of canned goods 👍

...or maybe even actual cars but... How would you get them off the train without the necessary equipment/track setup? 🤔

[–] Silic0n_Alph4@lemmy.world 5 points 2 days ago

He has a god damn plan, Arthur!

[–] knightly@pawb.social 7 points 2 days ago (1 children)

You know a good heist always needs that genius mechanic who can bodge a mechanical solution to such practical problems, or just have a flatbed truck with a crane or something.

If this were a movie, it'd end up with an 18-wheeler and whatever nonsense would be required to steal a whole train car. XD

[–] P00ptart@lemmy.world 7 points 2 days ago

The 18 wheeler gets picked up by a heavy lift helicopter and the hero has to jump on the truck from the top of a parking garage, fight the driver, then climb the cables to get to the gunners and pilot.

[–] OhStopYellingAtMe@lemmy.world 1 points 1 day ago

Stop the train and lock it down and hold it ransom. Refuse to release the train’s brakes until they pay $[desired amount].

[–] defaultusername@lemmy.dbzer0.com 22 points 2 days ago (2 children)

Billionaires take private jets or helicopters.

[–] morphballganon@mtgzone.com 2 points 1 day ago

No, they have the doctor driven out to see them.

[–] WindyRebel@lemmy.world 12 points 2 days ago (4 children)

To a doctor appointment? Where are they gonna land? Not every hospital or building has a waiting helipad just ready for joe billionaire.

[–] squaresinger@lemmy.world 3 points 1 day ago

If the doctor is unimportant enough to have a helipad, the doctor can come to the billionaire.

[–] RagingRobot@lemmy.world 6 points 2 days ago

Not the ones you can afford! Lol

[–] NABDad@lemmy.world 8 points 2 days ago (1 children)

The bigger hospitals most likely do have a helipad.

[–] P00ptart@lemmy.world 9 points 2 days ago

All 3 in my town have one and it's only 160k population.

[–] prole@lemmy.blahaj.zone 5 points 2 days ago* (last edited 2 days ago)

They certainly don't take trains in the US, that's for sure.

[–] sparky@lemmy.federate.cc 11 points 2 days ago

It’s like playing Mario Kart on Kalamari Desert. Sometimes you’re stuck waiting for a train and Luigi pulls up behind you.

[–] Trainguyrom@reddthat.com 2 points 1 day ago* (last edited 1 day ago)

Temporarily stopping a train has only so many useful applications for crime, sabatage or terrorism. Might be useful to rob a train if you can stop it in a remote location and steal some high value goods, but realistically most goods are either bulk commodities or shipping containers which are intentionally difficult to identify the contents of when closed. Basically you're just forced to open some containers and hope you find goods valueble enough to resell and make the risk worth the reward

Potentially you could stop a train with some auto racks and steal the vehicles but the VINs will be immediately marked as stolen so the resale value is immediately trashed, plus you'd have to figure out the logistics of getting the vehicles off of a train stopped in the middle of nowhere (they use specialized ramps to drive the vehicles onto and off of the ends of the train when loading and unloading)

From a terrorism/nation state perspective maybe if you can fly some planes overhead and keep spamming a stop signal for a few days you might be able to cause some logistics chaos by stopping all trains in the vicinity of a busy railroad yard, but given modern flight tracking that's extremely identifiable. Better to setup unmanned ground transmitters but that runs the risk of being caught/identified too quickly, and wireless signal triangulation is so easy there's even hobbiest events where people try to manually triangulate a signal for fun. Maybe if an attacked setup several base stations around the country and only sent the brake application signal extremely rarely they could lower rail reliability enough to cause some issues but to cause enough trouble to actually be useful from a nation state/terrorism point of view they'd have to show their cards. Honestly a terrorist or sabatuer is probably better off just blowing up a few bridges and tunnels which would be far more effective

[–] MehBlah@lemmy.world 2 points 1 day ago

Now that is the kind of story that would trigger a new attempt to fix this.

[–] DancingBear@midwest.social 1 points 1 day ago

I don’t see a problem in your hypothetical scenario 🤔

[–] NuXCOM_90Percent@lemmy.zip 3 points 2 days ago* (last edited 2 days ago) (1 children)

Or they can just get their IED on if they know the route and timeline to the degree that they can stop a train AFTER the point of no return. Otherwise it is just "Oh. 4th street is closed. I guess we'll take 8th street instead"

Its a problem. On the grand list of problems... it should be higher than it is but not all that much higher.

[–] altphoto 3 points 2 days ago

OK, I'm waiting for this movie. Go on, draw stuff. I'll wait right here. Could the good guy be Jacky Chan please?

[–] HugeNerd@lemmy.ca 17 points 2 days ago (1 children)

Joke's on them, 50% of the brakes don't work.

[–] Trainguyrom@reddthat.com 3 points 1 day ago

This vulnerability would have to trigger the airbrakes, which every single railcar has, and every car's airbrakes are daisy chained together. Airbrakes are failsafe, in that any loss of pressure results in brake application, and a full loss of pressure means full application. So if just one car on the train has a problem with its brake lines, the whole train is stopping whether the railroad likes it or not

[–] squaresinger@lemmy.world 5 points 1 day ago (1 children)

I guess this vulnerability has been ignored for years, because hackers also ignored it for years.

There's not a lot you can gain from this kind of vulnerability.

[–] Alcoholicorn@mander.xyz 3 points 1 day ago

The only hackers skilled enough to pull this off also happen to have thing for trains.

[–] ExLisper@lemmy.curiana.net 33 points 2 days ago

As long as it's also ignored by hacker you should be fine.

[–] kozy138@slrpnk.net 24 points 2 days ago

Considering how much rail regulations and budgets have been slashed in the past few years, we will probably end up using it as a feature. Safety hackers will need to make sure trains stop on the correct place/time, because there are only 1-2 employees for a 300 car train.

Or alternatively, tune in and subscribe for 'Twitch Drives a Cargo Train!'

[–] MyTurtleSwimsUpsideDown@fedia.io 25 points 2 days ago (1 children)

I may be misremembering, but wasn’t there a thing ~~10~~ 3 years ago or so where trains were randomly stopping somewhere in Europe. And I think it turned out to be a remote shutdown from the manufacturer (according to independent investigators. The manufacturer maintains that hackers added that code to their software) due to 3rd party replacement parts ~~or an unrenewed service contract or some other anticompetitive behavior.~~

Edit: Jiminy Cricket! It feels like it’s been 10 years. https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/

[–] ExLisper@lemmy.curiana.net 20 points 2 days ago

It was in Poland but in Poland you can still stop trains with radio signal of a specific frequency. No encryption, no validation. Anyone with a hobbyist level radio equipment can stop freight trains. And they do. Train operators usually just call the station, confirm that it's a prank and 5 minutes later start again.

https://www.wired.com/story/poland-train-radio-stop-attack/

Poland's national transportation agency has stated its intention to upgrade Poland's railway systems by 2025 to use almost exclusively GSM cellular radios, which do have encryption and authentication. But until then, it will continue to use the relatively unprotected VHF 150 MHz system that allows the radio-stop commands to be spoofed.

[–] qjkxbmwvz@startrek.website 16 points 2 days ago (1 children)

Are we talking fediveese hackers? You know, the socialist-furries-with-UNIX-socks hackers?

Those folks hate cars, not trains. I don't think we need to worry.

[–] Evil_Shrubbery@lemmy.zip 8 points 2 days ago

Yeah, but train yard sys admins are furries too (duh), maybe this is just a harmless place for their courtship rituals - train admins know the fediverse furries won't cause some insane immoral damage, so they don't patch their Win95 systems, so they just wait for the hack & that's when they slip into their DMs (like an ASCII fancy socks pic or something).

[–] skuzz@discuss.tchncs.de 10 points 2 days ago (2 children)

Wow, just something like 1200 baud FSK on 70cm. That's stupid simple, and stupid. They could use cellular modems (the locomotives already have one, normally) or LoRaWAN or....anything without even trying and it would be an improvement.

[–] Buelldozer 8 points 2 days ago (1 children)

They could use cellular modems (the locomotives already have one, normally) or LoRaWAN

The answer to a hyper-localized security issue isn't attaching the equipment to an insecure network nor is it shifting to use insecure IoT type devices.

[–] kugel7c@feddit.org 1 points 1 day ago* (last edited 1 day ago)

If you have rail standards of the 21st century cellular is absolutely what you should be using for rail see: GSM-R . Apparently the DOT is even looking at this.

Now you'd need to build cellular infrastructure along your lines for that system. US rail owners are terminally uninterested in building or maintaining rail infrastructure so that's not particularly likely to happen unless mandated.

[–] anarchy79@lemmy.world 1 points 2 days ago

But $!

For that one guy.

Outweighs the safety of a nation.

Don't you get it yet? You don't live in a society, you live in capitalism.

[–] capuccino@lemmy.world 6 points 2 days ago (1 children)

I just had an idea for a movie.

[–] sik0fewl@lemmy.ca 5 points 2 days ago

I've had it with these motherfucking brakes on this motherfucking train.

[–] sp3ctr4l@lemmy.dbzer0.com 7 points 2 days ago* (last edited 2 days ago) (1 children)

Cyberpunk train robberies.

Why not?

The economy is crashing, we'll just return to our Wild West roots, with a modern twist.

Not robberies of people, of course, the vast majority of American rail transit is logistics, moving stuff.

Why rip the copper wires out of an abandoned house or office when you could just get some guys with pickup trucks and get it from the source?

[–] anarchy79@lemmy.world 1 points 2 days ago* (last edited 2 days ago)

I'm all for it. The social contract was ripped in half a century and half ago. I'm ready AF, I saw this shit coming and prepared, I can live off the land like a motherfucker, and I already don't own shit.

You got a house, a car, a dog, a family to provide for? Yeah, you drank the koolaid and when the shit hits the fan you're all gonna die. I can't fucking wait to see this shit come crashing down- you all pumped money into it, now eat the consequences.

[–] joyjoy@lemmy.zip 5 points 2 days ago (1 children)

There is no fix. The mitigation is to buy a new train.

[–] CosmicTurtle0@lemmy.dbzer0.com 4 points 2 days ago

Yeah like our profit motivated CEOs will make the capital investment to buy a brand new train instead of lobbying to lower safety standards and regional regulations.

[–] someguy3@lemmy.world 5 points 2 days ago* (last edited 2 days ago)

I heard about metro trains getting bricked after 3rd party repairs. This makes it sound like freight trains but it paywalls quickly.

[–] orhtej2@eviltoast.org 4 points 2 days ago

On Polish Railway such signal is a well documented safety feature, and the police was quite successful hunting down morons who abused it last year.

[–] DeusUmbra@lemmy.world 2 points 2 days ago

Sounds like a useful tool for any revolutionaries out there.

[–] Evil_Shrubbery@lemmy.zip 1 points 2 days ago* (last edited 2 days ago)

'You wouldn't download an emergency train brake button (that is still functionally connected to the train you didn't download)'

[–] Lexam@lemmy.world 1 points 2 days ago

I was thinking about taking a train ride for my birthday...