#Poland investigates #cyberattack on rail network
#Hackers broke into #railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday.
The signals were interspersed with recording of russia's national anthem and a speech by President vladimir putin, the report says
Poland is a major transit hub for Western weapons being sent to #Ukraine
Read more here🔗 https://www.bbc.co.uk/news/world-europe-66630260
@EugeneMcParland I'm surprised Poland hasn't already deployed GSM-R (which should be less vulnerable to such attacks, or at least there would be no gain in playing music over the frequencies as no one would hear it). Its easy enough to upset the analogue radio schemes used on the railways as me and my friends did this completely by accident in the 1980s with a pirate transmitter (the UK was an outlier and still used part of the FM broadcast band for railway comms until 1990s)
The embarrasing part is that the hackers haven’t really “broken” anything, they simply broadcasted used on the frequencies used by PKP, which seem to be simple analog, unprotected radio :)
@kravietz @EugeneMcParland @vfrmedia
The unprotectedness of the mechanism is (or maybe was) IMO a feature: it's hard to conceive of a way in which e.g. some trains obey a stop signal while others don't (as long as they have their radios set to the locally-correct channel). The extent of testing of train-local systems consists of sending the signal on a test channel (and making sure a test receiver acknowledged it) and asking a test transmitter to send a signal on the test channel (and checking that the appropriate actuation happened). If there was any authentication, then there'd be more potential failure modes.
