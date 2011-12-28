BERLIN Dec 28 Hackers who have shut down
websites by overwhelming them with web traffic could use the
same approach to shut down the computers that control train
switching systems, a security expert said at a hacking
conference in Berlin.
Stefan Katzenbeisser, professor at Technische Universität
Darmstadt in Germany, said switching systems were at risk of
"denial of service" attacks, which could cause long disruptions
to rail services.
"Trains could not crash, but service could be disrupted for
quite some time," Katzenbeisser told Reuters on the sidelines of
the convention.
"Denial of service" campaigns are one of the simplest forms
of cyber attack: hackers recruit large numbers of computers to
overwhelm the targeted system with Internet traffic.
Hackers have used the approach to attack sites of government
agencies around the world and sites of businesses.
Train switching systems, which enable trains to be
guided from one track to another at a railway junction, have
historically been separate from the online world, but
communication between trains and switches is handled
increasingly using wireless technology.
Katzenbeisser said GSM-R, a mobile technology used for
trains, is more secure than the usual GSM, used in phones,
against which security experts showed a new attack at the
convention.
"Probably we will be safe on that side in coming years. The
main problem I see is a process of changing ... keys. This
will be a big issue in the future, how to manage these keys
safely," Katzenbeisser said.
The software encryption 'keys', which are needed for
securing the communication between trains and switching systems,
are downloaded to physical media like USB sticks and then sent
around for installing -- raising the risk of them ending up in
the wrong hands.
(Reporting by Tarmo Virki; Editing by David Holmes)