neils Profile
neils

@midwestneil

Followers
992
Following
2K
Media
6
Statuses
531

Hardware Security Research | Radio | Data Centers

Joined December 2024
@midwestneil
neils
3 days
The Railroads don't want you to know about this one hack that can crash the American economy:
@ive_m5
M5IVE
3 days
Watching this now. CC @SenTedCruz @SecDuffy @BrendanCarrFCC. DEF CON 26 WIRELESS VILLAGE - Eric Reuter - Introduction to Railroad Tel. via @YouTube.
1
0
8
@midwestneil
neils
3 days
RT @OndasHoldings: 🔒 Rail safety starts with secure networks. Legacy wireless systems weren’t built for today’s cyber threats. IEEE 802.16t….
0
18
0
@midwestneil
neils
5 days
RT @Mayhem4Markets: Oh that sounds tremendous
0
7
0
@midwestneil
neils
5 days
AAR's probable take "guys, we just happen to be upgrading radio technology. totally unrelated to anything else".
@Gizmodo
Gizmodo
5 days
Hackers Can Tamper With Train Brakes Using Just a Radio, Feds Warn
1
0
15
@midwestneil
neils
5 days
The statement from @AAR_FreightRail on this vulnerability is a master class on not acknowledging the vulnerability is real thus avoiding liability, and instead skips right over to "the devices are being replaced". WHY ARE THEY BEING REPLACED THEN??
@ive_m5
M5IVE
5 days
CISA Issues EoT, HoT Device Advisory
0
0
9
@midwestneil
neils
5 days
A lot of words to say - "low attack complexity"
1
0
17
@midwestneil
neils
5 days
RT @CeoOndas:
0
59
0
@midwestneil
neils
6 days
>ignores critical infrastructure vulnerability for 20 years. "we're really committed to safety" 💀
@AAR_FreightRail
AAR
6 days
Freight railroads are redefining safety through smart technology, data, and the skill of their workforce. At @BNSFRailway, that commitment moves on 1.5 million wheels each day across 32,500 miles of track. Their teams use advanced tools to catch issues early and keep trains.
1
2
33
@midwestneil
neils
6 days
RT @ive_m5: Mood
0
1
0
@midwestneil
neils
7 days
RT @ive_m5: $ONDS In my opinion - the value of networks (rail) segment just 10X'd overnight considering the 450mhz and 802.16t will be the….
0
13
0
@midwestneil
neils
8 days
RT @EricReuter: @rixon @midwestneil Exactly. During a legitimate emergency brake application, the brake line is vented from both the front….
0
2
0
@midwestneil
neils
9 days
These devices are also on passenger rail operations! With that said: DO NOT TRY THIS AT HOME. YOU WILL PROBABLY GET SOMEONE HURT.
8
8
231
@midwestneil
neils
9 days
So how bad is this? You could remotely take control over a train's brake controller from a very long distance away, using hardware that costs sub-$500. You could induce brake failure leading to derailments or you could shut down the entire national railway system.
4
17
239
@midwestneil
neils
9 days
CISA finally agreed with me that publication would be the only remaining option to pressure AAR to fix this issue. And it kinda worked. In April they announced 802.16t will replace the EOT/HOT vulnerable protocol. When will this happen by? 2027 at best.
4
4
144
@midwestneil
neils
9 days
AAR's Director of Information Security decided this was not that big of a deal, and they were not going to do anything about it as the devices and protocol were 'end of life' which is ironic because they are still in use today. AAR walked away from talking to CISA multiple times.
2
1
125
@midwestneil
neils
9 days
No one really knows what happened to it, BUT they were 100% behind getting it right this time. We went back and forth with vendors and the AAR for a few months trying to get the right parties involved to address this issue.
1
1
117
@midwestneil
neils
9 days
In 2024 I noticed that ICS-CERT had re-orged a few times and I decided to open a new ticket with them to see whatever happened to this. Did they just give up?
1
1
112
@midwestneil
neils
9 days
In 2018 Eric Reuter independently found the same vulnerability, but only gave a talk at DEF CON on reverse engineering the protocol. I'd highly recommend checking out PyEOT if you want specifics on RE'ing this vulnerability.
1
2
146