A Student Stopped Four High-Speed Trains Using Just a Laptop and Radio
A 23-year-old hacked Taiwan’s high-speed rail with a laptop and cheap radios, exploiting crypto keys unchanged for 19 years.
May 17, 2026 – 9:35 am
TL;DR
At 23:23 on April 5th, a 23-year-old university student in Taichung transmitted a falsified General Alarm signal into the Taiwan High Speed Rail Corporation’s internal radio system. This caused four trains travelling at up to 300 km/h to receive an emergency alert and switch to manual braking, disrupting the entire high-speed rail network for 48 minutes.
The student, identified only by his surname Lin, cracked through seven layers of verification using a laptop, a software-defined radio he bought online, and a handful of handheld radios. The cryptographic keys protecting the system had not been changed in 19 years.
The Radio System Compromised
The radio system Lin compromised is TETRA (Terrestrial Trunked Radio), a standard developed in the 1990s for encrypted voice and data communication, used by police, emergency services, airports, and transport networks in approximately 120 countries. THSRC’s TETRA deployment dates to the rail line’s opening in 2007.
According to Tom’s Hardware, the system’s cryptographic key rotation, which needs to be configured and scheduled at installation, appears never to have been implemented. When Lin was four years old, someone set the keys. Nobody changed them.
The Attack
The attack itself was straightforward:
- Lin used a software-defined radio to intercept THSRC’s radio traffic.
- He downloaded the captured signals to his laptop, decoded the TETRA parameters, and programmed the same codes into handheld radios.
- He then transmitted a cloned General Alarm signal that appeared to originate from a station employee, triggering emergency braking procedures across the network.
Police described the method as rudimentary.
Underlying Vulnerabilities
The vulnerability Lin exploited is not new. In 2023, Dutch cybersecurity researchers at Midnight Blue disclosed a deliberate backdoor in the TETRA encryption algorithm, affecting radios manufactured by Motorola, Damm, Hytera, and others. They found that the system could be cracked in under a minute using consumer-grade hardware, potentially allowing attackers to send malicious commands to critical infrastructure or eavesdrop on emergency services.
Despite Midnight Blue’s warnings, many critical infrastructure operators were unresponsive. Taiwan’s case demonstrates what happens when those warnings go unheeded.
RTL-SDR, a specialist publication that has tracked TETRA vulnerabilities for years, speculates that THSRC’s system may have been using TEA1.