Report: GSM-R making rail services vulnerable to DoS attacks

A security conference has been told that GSM-R is open to being disrupted by Denial of Service (DoS) attacks that could overload train switching systems.

According to Professor Stefan Katzenbeisser of Technische Universität Darmstadt, GSM-R, a railways-specific communications technology, could be targeted by hackers who have shut down websites by overwhelming them with web traffic.

"Trains could not crash, but service could be disrupted for quite some time," Katzenbeisser told Reuters at the Chaos Communication Congress held in Berlin, Germany.

The centre of concern is that GSM-R is now being increasingly deployed by European train operators to improve the efficiency of their networks. This involves upgrading the train switching systems enabling trains to be guided from one track to another at a railway junction using modern wireless techniques. The addition of GSM-R enables Internet access and the risk of illegal access to the train switching network.

While Katzenbeisser was confident that the GSM-R would be safe from hackers for several years, he warned that the software encryption keys used for securing the communication between trains and switching systems are at risk of becoming available to hackers.

"The main problem I see is a process of changing these keys [which are carried on USB sticks]. This will be a big issue in the future, how to manage these keys safely," Katzenbeisser told Reuters.

For more:
- see this Reuters article
- see this Daily Telegraph article

Related Articles:
Huawei to supply rail wireless system in Germany
Nortel selling off GSM/GSM-R business
Rogue femtocells could be used to steal user data
Smartphones become target for cyber criminals