Hacking Trains

Security Update News

Update Information

Title: Hacking Trains
Update ID: SCHNEIER:D7F7937F24D6F307C699DFE19A68902E
Type: schneier
Published: 2025-07-16T16:57:16
Last Updated: 2025-07-16T16:57:16

Security Impact

Severity: NONE

AI Analysis

AI Description: A vulnerability in the End-of-Train and Head-of-Train communication protocol allows potential interference via software-defined radios, exploiting the lack of encryption and authentication in the system.
AI Severity: High
AI Vendor: Unknown
AI Product: Flashing Rear End Device (FRED) and Head-of-Train (HOT)
AI Version: Unknown

Update Details

Seems like an old system that predates any care about security:

> The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back of a train and sends data via radio signals to a corresponding device in the locomotive called the Head-of-Train (HOT). Commands can also be sent to the FRED to apply the brakes at the rear of the train.
>
> These devices were first installed in the 1980s as a replacement for caboose cars, and unfortunately, they lack encryption and authentication protocols. Instead, the current system uses data packets sent between the front and back of a train that include a simple BCH checksum to detect errors or interference. But now, the CISA is warning that someone using a software-defined radio could potentially send fake data packets and interfere with train operations.
