conference logo

Playlist "32C3: gated communities"

The Great Train Cyber Robbery

Sergey Gordeychik, Aleksandr Timorin and repdet

For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. Railroads is a complex systems and process automation is used in different areas: to control power, switches, signals and locomotives. At this talk we will analyze threats and vulnerabilities of fundamental rail-road automation systems such as computer based interlocking, automatic train control and automatic train protection. No vendor names and vulnerabilities details will be released, for obvious reasons. By the way, all research based on hands-on security exercises and most of issues are confirmed and processed by vendors.