Industry News

Rail Networks Vulnerable due to “Derailed” SCADA Security

Image credits: Pixabay / Unsplash

Rail network SCADA systems have been deemed vulnerable by Russian hackers, who published hard hardcoded industrial control system credentials.

Although the bugs found were not described in detail, Sergey Gordeychik, Aleksandr Timorin, and Gleb Gritsai say they involve vulnerabilities entertainment systems, collision-avoiding interlocking platforms and mobile communication.

“If somebody can attack the modem, the modem can attack the automatic train control system, and they can control the train,” said Gordeychik. “A lot of devices work on the same channel: like engineering equipment and user systems,” Timorin added.

The use of old and outdated operating systems coupled with internet connectivity to automate and offer newer functionalities has opened up vulnerabilities that can be easily exploited, according to the hacker trio.

The team found several code vulnerabilities and authentication issues that could let someone cause serious damages. In an attempt to help fix the found vulnerabilities and push vendors into releasing patches and fixes, they published a list of hard-coded passwords to some of the systems they’ve investigated.

“We are releasing the list to force vendors to not use hardcoded and default passwords,” said Gordeychik. “The first threat is to safety, or cyber-physical – the second is economic threats to impact efficiency and revenue, and the third is threats reliability.”

While some operators have already begun fixing some of the reported issues, the hacker team is confident that the seriousness of their findings, along with publicly sharing hardcoded passwords, will spur new security updates and procedures aimed at protecting rail networks.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.