Security researcher Neil Smith exposed a dangerous flaw back in 2012 that lets hackers remotely trigger train brakes across America. Railroad companies have sat on this information for over a decade while locomotives remain vulnerable to radio frequency attacks. Hackers can use simple devices like the FlipperZero to stop trains from several hundred feet away.
More powerful equipment could extend that range up to 150 miles if attackers had access to aircraft and sufficient broadcasting strength. The Association of American Railroads refused to acknowledge the problem unless Smith demonstrated it live but also blocked any testing attempts. CISA officials admit they have monitored this vulnerability for years while working with industry partners on potential fixes.
The cybersecurity agency claims fixing the issue requires changes to standards-enforced protocols that are currently underway. Smith believes repairs could take years because the railway industry approaches cybersecurity like insurance companies handle claims. Physical access to rail lines and specialized knowledge limit widespread exploitation potential.
More powerful equipment could extend that range up to 150 miles if attackers had access to aircraft and sufficient broadcasting strength. The Association of American Railroads refused to acknowledge the problem unless Smith demonstrated it live but also blocked any testing attempts. CISA officials admit they have monitored this vulnerability for years while working with industry partners on potential fixes.
The cybersecurity agency claims fixing the issue requires changes to standards-enforced protocols that are currently underway. Smith believes repairs could take years because the railway industry approaches cybersecurity like insurance companies handle claims. Physical access to rail lines and specialized knowledge limit widespread exploitation potential.
