Hackers can jump from passenger Wi-Fi to train control networks

Setting up a Wi-Fi network for passengers to use is practically a must for railway companies these days. Unfortunately, that welcome add-on for travelers can become a means for attackers to gain access to other networks and systems. To those skeptical about these possibility, Pen Test Partners researcher Ken Munro shared the results of his colleagues’ most recent pentesting efforts.

In both exercises, there was an exploitable lack of segregation between the passenger and the staff and train control networks, allowing them to interfere with the latter. Default credentials are another problem: during one probing they leveraged them to access travelers’ personal and payment card data (second class passengers had to pay for Wi-Fi access).

Read more about the findings of the research by Pen Test Partners on Help Net Security.

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief