Hacking Polish Trams
A 14-year-old built a modified a TV remote control to switch trains on tracks in the Polish city of Lodz:
Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.
Problems with the signalling system on Lodz’s tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.
Here’s Steve Bellovin:
The device is described in the original article as a modified TV remote control. Presumably, this means that the points are normally controlled by IR signals; what he did was learn the coding and perhaps the light frequency and amplitude needed. This makes a lot of sense; it lets tram drivers control where their trains go, rather than relying on an automated system or some such. Indeed, the article notes “a city tram driver tried to steer his vehicle to the right, but found himself helpless to stop it swerving to the left instead.”
The lesson here is that security by obscurity, combined with physical security of the equipment, wasn’t enough. This kid jumped whatever fences there were, and reverse-engineered the IR control protocol. Then he was able to play “trains” with real trains.