Train-switching technology 'poses hacking threat'

Train signals and switches ahead of a station Network Rail says the switch to GSM-R technology will deliver a secure and robust switching system

Related Stories

A shift to a mobile communications technology could expose rail networks to hackers, according to a security expert.

Prof Stefan Katzenbeisser made the claim at the Chaos Communication Congress in Berlin.

The professor said that the systems which switch trains from one line to another could be shut down if encryption keys went astray.

He stressed that trains would not be in danger, but there could be delays.

Train-switching systems have historically been controlled by proprietary analogue systems.

At the end of the last century, more than 35 incompatible systems were used for railway communications across Europe.

GSM-R roll-out

A group of manufacturers met to address this and decided to switch to a single digital standard to ensure they could source replacement parts and make different companies' systems interoperable.

They developed GSM-Railway (GSM-R), a more secure version of the 2G wireless standard used by mobile phones.

It allows traffic controllers and train drivers to talk to each other, and for data to be transmitted recording the vehicle's speed and location.

When used with the European Train Control System, signallers can utilise the data to give the train permission to enter the next part of the track, theoretically making trackside signals unnecessary.

The technology is already being used in parts of Europe, Africa and Asia. Network Rail is rolling it out in the UK and aims to cover all Britain's rail lines by the end of 2014.

USB sticks

Prof Katzenbeisser believes the system is relatively secure from hackers under normal circumstances. However, the computer science expert from Technische Universitat Darmstadt warns that encryption keys, used to protect the communications, could pose risks.

"The main problem I see is a process of changing... keys. This will be a big issue in the future, how to manages these keys safely," he told Reuters news agency at the conference.

GSM-R lattice mast Network Rail says the GSM-R masts provide continuous, secure communication

The news agency said the keys are downloaded to physical media such as USB sticks before being distributed for installation.

It said the risk would occur if one of them fell into the wrong hands. This could allow hackers to mount a denial of service attack by overwhelming the signals system with traffic, forcing it to shut down.

"Trains could not crash, but services could be disrupted for some time," the professor said.

However, a spokesman for Network Rail played down the risk.

"GSM-R is a robust and secure system and Network Rail does not comment in detail on security," PJ Taylor, head of national news at Network Rail, told the BBC.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Women doing ice bucket challengeChill factor

    How much has the Ice Bucket Challenge achieved?


  • Members of staff at James Stevenson Flags hold a Union Jack and Saltire flag UK minus Scotland

    Does the rest of the UK care if the Scots become independent?


  • HoneybeesCreating a buzz

    Can President Obama's taskforce save America's bees?


  • Tracer particles show the flow of water around coral (c) Orr H. Shapiro, Vicente I. Fernandez, Melissa S. Garren, Jeffrey S. Guasto, François P. Debaillon-Vesque, Esti Kramarski-Winter, Assaf Vardi, Roman Stocker, PNAS, 2014Troubled waters

    How corals stir up their world to draw in nutrients


  • Ayodeji Adewunmi, Olalekan Olude and Opeyemi Awoyemi standing outside in business attireJobbermen

    The student entrepreneurs behind Nigeria's online jobs giant


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.