The US cybersecurity agency CISA has revealed a critical vulnerability in train brake control systems that could be exploited remotely to cause sudden train stops or derailments. This flaw affects the communication protocol used by End-of-Train and Head-of-Train devices, which are currently planned for replacement, but pose a significant safety risk. #CISA #CVEin2025-1727
Keypoints
- The vulnerability CVE-2025-1727 affects train brake control systems using a vulnerable radio protocol.
- An attacker can send malicious commands remotely due to lack of authentication and encryption.
- Researchers have warned that exploiting this flaw could cause sudden train stops or derailments.
- The AAR has been slow to address the issue, with plans to upgrade devices starting in 2026.
- Previous discoveries of this weakness date back to 2005, illustrating long-term neglect.
Read More: https://www.securityweek.com/train-hack-gets-proper-attention-after-20-years-researcher/