[SecurityRatty] tag: tram

The Continued Cheapening of the Word "Terrorism"

Tue, 08 Jul 2008 02:10:14 +0000

The Rail Tram and Bus Union (RTBU) said today it was planning a 24-hour strike by rail workers on July 17, the busiest day of the Catholic event. It is the day Pope Benedict XVI will make his way through the streets of Sydney during the afternoon peak. The NSW Government will take the matter to the Australian Industrial Relations Commission (AIRC) tomorrow. Mr Iemma said his Government would not cave in to the RTBU. "The Government will not be blackmailed into giving them what they want as a result of these industrial terror tactics," he said.

That's Morris Iemma, the Premier of New South Wales. Terrorism is a heinous crime, and a serious international problem. It's not a catchall word to describe anything you don't like or don't agree with, or even anything that adversely affects a large number of people. By using the word more broadly than its actual meaning, we muddy the already complicated popular conceptions of the issue. The word "terrorism" has a specific meaning, and we shouldn't debase it.

Hacking Polish Trams

Thu, 17 Jan 2008 12:43:06 +0000

A 14-year-old built a modified a TV remote control to switch trains on tracks in the Polish city of Lodz:

Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz's tram network was hacked, even by these low standards, is still a bit of an eye opener.
Problems with the signalling system on Lodz's tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

Here's Steve Bellovin:

The device is described in the original article as a modified TV remote control. Presumably, this means that the points are normally controlled by IR signals; what he did was learn the coding and perhaps the light frequency and amplitude needed. This makes a lot of sense; it lets tram drivers control where their trains go, rather than relying on an automated system or some such. Indeed, the article notes "a city tram driver tried to steer his vehicle to the right, but found himself helpless to stop it swerving to the left instead."

The lesson here is that security by obscurity, combined with physical security of the equipment, wasn't enough. This kid jumped whatever fences there were, and reverse-engineered the IR control protocol. Then he was able to play "trains" with real trains.

Unencrypted/Unauthenticated Wireless Control Systems Are a Very Bad Idea

Fri, 11 Jan 2008 17:33:14 +0000

A Polish teenager derailed a tram after building his own remote control to hack the control system. Best quote:

“Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit.”