tram cyberattack

The series The Sentryo Files: Industries vs Cyberattacks continues! Did you find the connected car hack interesting? Today, find out more about the tram cyberattack in the city of Lodz!

Tram cyberattack in Poland: 4 derailments and 12 injured

In 2008, after a teenager in Poland took control of the track points control system, 4 trams derailed and 12 people suffered mild injuries. A young hacker managed to modify a TV remote control to take control of track points.

How did the tram cyberattack play out?

In the city of Lodz in Poland, a teenager infiltrated the tram depot and studied the network and trams over a long period of time. His research enabled him to collect information and build a device capable of controlling the track points system for trams. Unfortunately, at the time, very few technical elements were revealed; therefore, we do not have more precise information.

The young attacker used a simple TV remote control which he had modified to build his device. When interrogated by the police, he confessed that he had taken control of the track points system just “to have fun”.

The first consequences of the attack were observed in the signaling system of the tram network. When a tram driver tried to turn the tram right, it involuntarily turned left, derailing the last car and sending it crashing into another tram. That was when staff started to suspect an external attack.

Without even realizing the scope of his acts, the teenager derailed 4 trams by modifying the track points and as a result caused physical injury to 12 people and substantial material damage.

How can we protect ourselves from this type of cyberattack?

As with all attacks, the tram cyberattack occurred as a result of a security flaw. This flaw stems from transport control and command systems generally being designed by engineers who are not current with the challenges of cybersecurity.

With regard to this cyberattack, the ease with which the Lodz tram network was infiltrated is alarming. Using a proprietary protocol does not safeguard you from attacks.

3 protection measures you should set up

The following measures could have prevented this incident from occurring:

  • Mutual authentication to guarantee that only authorized equipment can communicate with the track points system;
  • Anti-replay mechanisms to prevent simple attacks from replaying legitimate orders or operations.
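To make these two measures concrete, here is an added example (not part of the original article, and not the Lodz system, whose protocol was never disclosed) of a points controller that accepts a command only if it carries a valid keyed tag and a fresh counter, and that answers with its own tag so the sender can authenticate it in return. The frame layout, the per-sender shared key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (assumption): sender id, counter, point id, position.
HEADER = struct.Struct(">HQHB")
TAG_LEN = 32  # HMAC-SHA256 output size


def _mac(key: bytes, label: bytes, body: bytes) -> bytes:
    # The label separates command tags from acknowledgement tags.
    return hmac.new(key, label + body, hashlib.sha256).digest()


def build_command(key, sender_id, counter, point_id, position) -> bytes:
    body = HEADER.pack(sender_id, counter, point_id, position)
    return body + _mac(key, b"cmd", body)


def verify_ack(key: bytes, frame: bytes, ack: bytes) -> bool:
    """Sender side: confirm the reply came from a controller holding the key."""
    return hmac.compare_digest(ack, _mac(key, b"ack", frame[:-TAG_LEN]))


class PointsController:
    """Hypothetical receiver that authenticates senders and rejects replays."""

    def __init__(self, keys: dict):
        self.keys = keys                          # sender id -> shared secret
        self.last_counter = {sid: 0 for sid in keys}

    def handle(self, frame: bytes):
        if len(frame) != HEADER.size + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        sender_id, counter, _point, _position = HEADER.unpack(body)
        key = self.keys.get(sender_id)
        if key is None:
            return "unknown-sender", None
        if not hmac.compare_digest(tag, _mac(key, b"cmd", body)):
            return "bad-tag", None
        # Anti-replay: the counter must increase for every accepted command.
        if counter <= self.last_counter[sender_id]:
            return "replay", None
        self.last_counter[sender_id] = counter
        return "accepted", _mac(key, b"ack", body)
```

A recorded frame that is sent a second time fails the counter check even though its tag is valid, and a frame built without the shared key fails the tag check before the counter is consulted.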

The hacker was lucky he didn’t kill anyone. This teenager, who only wanted “to have fun”, caused serious damage with very few resources by exploiting flaws which would have been easy to resolve. It is important to prevent all forms of cyberattacks! All infrastructures are potential targets for attacks (from water current turbines to cars and water treatment plants!). Be wary of vulnerabilities and anticipate all risks.

Go further
Discover all the episodes of The Sentryo Files: Industries vs. Cyberattacks. Read every detail of the hijacking of a connected car and the analysis of the TCAA cyberattack.

Sources: reports drafted by the SCADA work group of the French Information Security Club (Clusif) in 2017.