The Cheap Radio Hack That Caused Disruption in Poland's Railway Network
The Executive Headlines
Since 2014, the conflict between Ukraine and Russia has unfolded in various dimensions, including cybersecurity. Russian hackers have gained notoriety for deploying sophisticated techniques to disrupt Ukrainian networks and infrastructure.
However, a recent incident has brought a new, less sophisticated but effective method into the spotlight: radio commands to halt Poland's railway system, a crucial transit infrastructure for NATO in supporting Ukraine.
The Railway Cyberattack
On August 25 and 26, 20 of Poland's trains carrying passengers and freight stopped in what has been described as a "cyberattack." These incidents have raised alarms as they directly impact the movement of essential resources to bolster Ukraine's defense against Russia's invasion.
The saboteurs behind this disruption are suspected to be in support of Russia. They not only interrupted the railway system but also incorporated elements of the Russian national anthem and speeches by President Vladimir Putin into their commands.
Polish intelligence services have launched an investigation into these incidents.
A Closer Look at the Attack
Although the event was initially labeled a "cyberattack," cybersecurity experts like Lukasz Olejnik point out that it involved no cyber elements.
Instead, the saboteurs exploited a vulnerability in the railway's communication system, sending simple "radio-stop" commands via radio frequency to the targeted trains.
Poland's trains use a radio system without encryption or authentication for these commands. Olejnik explains that anyone with minimal equipment, costing as little as $30, could broadcast the radio-stop commands to a Polish train, which triggers its emergency stop function.
This method's simplicity is underscored by the fact that the frequencies and tones required are publicly known and have been discussed in online forums for years.
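An added example, not code from the article or from any railway system: a model of why a command channel without authentication obeys anyone who knows the pattern, and what a keyed tag plus a fresh counter changes on the receiving side. The frame layout, the key and the STOP code are constructed for illustration and do not represent the real radio-stop signalling or the planned GSM system.

```python
import hashlib
import hmac
import struct

STOP = b"STOP"  # constructed command code, not the real radio-stop signal


def legacy_accepts(frame: bytes) -> bool:
    """Unauthenticated receiver: any sender who knows the pattern is obeyed."""
    return frame == STOP


def make_frame(key: bytes, counter: int, command: bytes = STOP) -> bytes:
    """Sender side: command + 8-byte counter + HMAC-SHA256 tag over both."""
    body = command + struct.pack(">Q", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AuthenticatedReceiver:
    """Obeys a command only if the tag verifies and the counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accepts(self, frame: bytes) -> bool:
        if len(frame) != len(STOP) + 8 + 32:
            return False  # bare pattern or truncated frame
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # sender does not hold the key
        (counter,) = struct.unpack(">Q", body[-8:])
        if counter <= self.last_counter:
            return False  # a recorded frame played back
        self.last_counter = counter
        return body[:-8] == STOP


def demo() -> dict:
    key = b"constructed-demo-key-0123456789ab"  # sample value, assumption
    rx = AuthenticatedReceiver(key)
    genuine = make_frame(key, counter=1)
    forged = make_frame(b"guessed-key", counter=2)
    return {"legacy_bare_pattern": legacy_accepts(STOP),
            "auth_bare_pattern": rx.accepts(STOP),
            "auth_forged": rx.accepts(forged),
            "auth_genuine": rx.accepts(genuine),
            "auth_replay": rx.accepts(genuine)}
```

The counter check matters as much as the tag: without it, a genuine frame captured once off the air would remain valid when played back.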
Limitations of the Attack
One significant limitation of this radio-based attack is the need for proximity to the target trains: the required distance ranges from hundreds of feet to miles, depending on the radio equipment's power.
This limitation suggests that the saboteurs had to be relatively close to the trains they targeted, making logistics a critical challenge in carrying out such operations.
The Response and Future Security
Poland's national transportation agency plans to upgrade its railway systems by 2025 to use more secure GSM cellular radios, which offer encryption and authentication.
However, until this transition is complete, the relatively unprotected VHF 150 MHz system will remain in use, leaving room for potential attacks of this nature.
Despite the disruption caused by the radio attack, there have been no reported injuries or significant damage.
The railway agency reassured passengers that there was no immediate threat to their safety.
If it is confirmed that Russia or its supporters were behind this railway disruption, it would not be the first time such tactics were used to target a country's infrastructure.
In January 2022, Belarusian hackers launched a ransomware attack against Belarus Railways' IT network to protest Belarus' support of the Russian military.
The simplicity of the radio-based attack should not lead to underestimating its effects, as it exposes vulnerabilities in unauthenticated communication systems. This incident serves as a reminder that even low-tech approaches can disrupt critical infrastructure, especially when nations are involved in conflicts.
In the words of Lukasz Olejnik, "When you're a hub of support to war-stricken Ukraine, you're indeed a target. Low-hanging fruits are always the best approach."
The recent disruption of Poland's railway system highlights the evolving tactics of cyber warfare and the vulnerability of critical infrastructure.
While high-tech cyberattacks garner significant attention, this incident underscores the importance of addressing more straightforward yet effective forms of disruption.
As Poland moves towards more secure communication systems, protecting against these unconventional threats remains challenging.