Setting up a Wi-Fi network for passengers to use is practically a must for railway companies these days. Unfortunately, that welcome add-on for travelers can become a means for attackers to gain access to other networks and systems. To those skeptical about these possibility, Pen Test Partners researcher Ken Munro shared the results of his colleagues’ most recent pentesting efforts.
In both exercises, there was an exploitable lack of segregation between the passenger and the staff and train control networks, allowing them to interfere with the latter. Default credentials are another problem: during one probing they leveraged them to access travelers’ personal and payment card data (second class passengers had to pay for Wi-Fi access).
Read more about the findings of the research by Pen Test Partners on Help Net Security.