back to article Polish teen derails tram after hacking train network

A Polish teenager allegedly turned the tram system in the city of Lodz into his own personal train set, triggering chaos and derailing four vehicles in the process. Twelve people were injured in one of the incidents. The 14-year-old modified a TV remote control so that it could be used to change track points, The Telegraph …

COMMENTS

This topic is closed for new posts.

Page:

  1. alain williams Silver badge

    Give him a job!

    OK: he might be a bit young - but he sounds like someone with a brain that works.

  2. Anonymous Coward
    Anonymous Coward

    lol

    and we're all worried about the security of airlines and nuclear powerplants, changing the signals/points for a 60 -> 100mph train would appear a far better terror tactic.

    As it gives a quad whammy, train crash means

    a: injuries/deaths

    b: puts a line out of service until fixed and complete investigation done.

    c: probably hard to trace if it were possible and the fact that it was intentional may not come to light until it had happend several times.

    d: actual fear of using transport network, bombs are far fetched as they're reasonably hard to make and can only be used once, where as a device to change switches or signals, well that'll work as long as you have batteries. You never know when it may go horribly wrong.

    Course it may not be possible at all with the UKs aging network, you probably need to move a lever or something.

  3. Steve Evans
    Coat

    Surely...

    You mean Łódź. (That's assuming you don't filter extended characters from comments!)

  4. John Macintyre
    Thumb Down

    @Give him a job!

    Brains that work? Ok he hacked the system, but he derailed 4 trains and hurt a load of people. throw him at an oncoming train more like.

  5. W.Hower

    A Job?

    A bloody Nobel I reckon.

  6. N1AK

    Who Built It?

    The 14 year old certainly deserves some punishment as the actions were dangerous, although likely not with malice. At 14 I was smart enough to know better, but probably not wise enough to show it, it sounds similiar here and ruining his life for it is just a waste.

    How ever I would want to see who ever is responsible for the flawed system being there in the first place charged with criminal negligence.

  7. Duncan Watts

    Worrying

    Nice if this worked on UK traffic lights... I'd go get one of those remote control watches I remember so fondly for causing havoc in schools.

    But doesn't anyone else think having a train line controlled by an infra red signal slightly worrying?

  8. Anonymous Coward
    Dead Vulture

    @Anonymous Coward

    Reading your quad whammy list has made me realise that this strategy has been in place for years in the UK.

  9. Anonymous Coward
    Stop

    Flawed?

    Why is the system flawed, you cant protect against every and any potential problems that a system may face. Generally you don't expect teenagers to hack into the rail system. I mean who does that? and why?

  10. Eddie Edwards
    Stop

    Brain that works?

    Sounds to me like he just programmed a universal remote. Hardly rocket science. And when I was his age my brain did morality too.

  11. Nick
    Thumb Up

    @Duncan

    Theoretically you could (at least for some of them). Some traffic lights have sensors in them that detect when emergency service vehicles or buses approach and 'green light' them. Never seen a public exploit for it though...

  12. The Mole

    Worrying?

    Duncan this is a tram line not a train line, the difference is trams are slow moving and hence can stop very quickly (unlike your average train). Therefore I'd assume that the system is totally decentralized (and so cheaper), I'd guess the tram drivers have infrared controls within their trams which they use to switch the points. Through the use of basic procedures etc that the tram drivers follow I imagine the system works very well with minimal costs. The worst case is that two trams end up on the same track but this isn't a problem as long as the drivers are paying attention as they'll notice the other great big tram and stop in plenty of time. All this saves having complicated computer controlled networks, expensive cabling and computer errors.

    I imagine this is what the orginal designers thought and they had a point. Unfortunately for them they didn't consider the security implications. At the end of the day though I'm not sure what a sensible solution is, a set of armed guards at every point maybe? Anything less and there is still plenty of options of physical intervention to manually change the point.

  13. Chris Williams

    Re: Worrying

    "...doesn't anyone else think having a train line controlled by an infra red signal slightly worrying?"

    Yes, I'm happier with the tin cans and wet string in use on the Underground!

  14. Anonymous Coward
    Anonymous Coward

    @CooperMan

    lol - all the talk of the wrong kind of leaves makes sense now! They just didn't want us to know that someone had a pocket point remote control.

  15. Rob Sked
    Stop

    @Worrying

    Perhaps it just looked like a TV remote, and actually used a wireless signal instead? Send the right signal to change the track.

    I'll be struck dumb if they do use IR to change track points.

  16. Neil

    IR?

    So do Polish tram signal systems work on IR? So anyone with a cheap programmable all-in-one remote could play with trains at will? Blimey.

  17. Adam

    @Duncan Watts

    Traffic Lights - it's been thought of already. A company we used for penetrations tests had a job to try and crack the IP interface of some traffic lights and see what they could do with them. I don't know what they found though.

  18. Michael Compton

    Re: lol

    Trams and trains are on tracks and would rarely go towards financial or military buildings/installations so the powers than be wouldn't really care about the terror threat.

    And theres u thinking it was all about your safety, afraid not its the money and big boys toys they're really worried about :)

  19. Dave
    Happy

    It's so sad when a promising youngster goes off the rails

    te he

  20. Joe M

    The Addams family?

    Just a thought. Is he related to Gomez Addams by any chance?

  21. Anonymous Coward
    Thumb Down

    Good grief

    Why isn't it reasonable to take this kid out the back and give him a darn good kicking? Using the trams as a personal train set? Git.

  22. Tom
    Paris Hilton

    Hmm

    Did he actually hack anything?

  23. SImon Hobson Bronze badge

    Is this a contender for understatement of the year ?

    "The apparent ease with which Lodz's tram network was hacked, even by these low standards, is still a bit of an eye opener."

  24. Anonymous Coward
    Anonymous Coward

    No more esoteric arguments please

    @Tom: "Did he actually hack anything?" No, the tram derailed itself.

  25. Anonymous Coward
    Go

    Too smart or too dumb?

    The world is full of kids who are too smart for their own good, and full of systems (and system designers) who are too dumb or too short-sighted for their own good.

    "Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit."

    Hopefully the Boeing 787 Dreamliner is built with better security procedures.

  26. andy gibson
    Unhappy

    Talented = Autistic?

    A lot of people are suggesting that the kid should have known better and deserves a kicking or thrown in front of a train.

    Maybe they should stop to realise that a number of these "child geniuses" may be autistic and not know any better? I've known a few prodigies like this who are extremely intelligent and gifted yet don't always know the difference between right and wrong because of their condition.

    The authorities should be concentrating their efforts on terrorists realising this untapped potential of high intelligence and 'grooming' them to perform terrorist acts.

  27. Alze
    Happy

    Give him a job at network rail

    He at least will have the trains running on time and better saftey record.

  28. Chris C

    re: Give him a job!

    "OK: he might be a bit young - but he sounds like someone with a brain that works."

    How do you figure? Because he was able to break into the depots, retrieve the necessary specifications, and was able to read them? I know that both the US and UK have education problems, but certainly the ability to read should not be interpreted as "a brain that works", even by today's standards. Nor should it be reason for praise, awards, or anything else.

    His actions were unethical, illegal, and dangerous. He should not be awarded, he should be punished.

  29. Steve Button Silver badge
    Alert

    @Nick - never seen a public hack of traffic lights?

    I thought everyone knew about this one. You just flash your car headlights as you approach (about the same speed as you'd have if it was a police car flashing light) and the light changes to green much quicker.

    This works especially well with roadworks at night where there is no one coming the other way, so you don't have to sit at a pointless red light.

    Steve

  30. Seanie Ryan
    Paris Hilton

    how

    how come nobody has asked how the kid was caught?

    "oh, the train has derailed... hey that kid has a tv remote - Get him!!!"

    the paris icon because it has a question mark ;-)

  31. Anonymous Coward
    Anonymous Coward

    Security-careless installation engineers

    A couple of years ago the powers that be refitted the whole of Clapham Junction train station with new train-information screens. For months after, they helpfully left little stickers bearing their individual IP addresses on each and every one. By itself, this hardly opens a hack, but it does dangle temptation in front of the eyes of potential teenage meddlers...

  32. W
    Stop

    @ Steve Button

    "You just flash your car headlights..." "...and the light changes to green much quicker."

    Apparently not.

    http://www.snopes.com/autos/law/strobe.asp

  33. W
    Stop

    @ me

    Press F5 fast enough and the 'Stop' icon changes to 'Go'.

  34. Hugo
    Boffin

    Photos of his kit

    Miroslaw Micor, spokesman for the Łódź police, contradicts himself:

    "He ... built a device that looked like a TV remote control and used it to manoeuvre the trams and the tracks"

    then

    "He had converted the television control into a device capable of controlling all the junctions on the line"

    So did he build a device or convert a telly remote? The Torygraph story said he trespassed at depots to get info and equipment to build the IR device, the latter. There are also photos on the Torygraph story of some of his kit: a lot of keys, and what looks like a front bicycle light and a calculator, possibly connected.

    http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/01/11/wschool111.xml

  35. Hugo
    Alert

    A photo of one of the tram crashes:

    http://miasta.gazeta.pl/lodz/51,35136,4823174.html?i=0

  36. Mostor Astrakan

    Classic hack!

    This almost takes me back to the days of hack-tic. I hope there will always be people around that go around looking at things and observing the interesting ways in which they break.

  37. Giles Jones Gold badge

    Encryption

    It's do to plonkers like this kid that we have DRM and encryption.

  38. Anonymous Coward
    Anonymous Coward

    IR Points

    It doesn't seem that out of the question that a tram system may have points that are controlled from the cab of the tram, either by IR or radio. All you need to do is assume that the points aren't switched the way you want them and explicitly switch them to the correct direction whenever you approch. There would be no need for security in the points control system if trams don't go over the maximum safe speed (ie the max speed you can be switched from your current line) for the points when they cross.

    I suspect what happened here is that the scrote, sorry teen, switched the points when a tram was halfway over the points, cuasing derailment. It's not too long ago that tram systems had manual points which would have been controlled from the street (IIRC). Trams are not like rail systems in that they don't tend to have signalling systems.

    As for giving him a job, a kicking would seem more appropriate.

  39. Lars Petersson
    Alert

    @ Chris C

    Actually, here in the UK, being able to read pretty much does show a brain that works.

    The levels of reading and writing really are that bad...

  40. TeeCee Gold badge
    Black Helicopters

    Security.

    I suspect that the Tram system in Łódź (thanks for the "copy 'n paste" Steve) has been this secure for a looong time.

    The only thing that's changed is that, these days, screwing around with it results in arrest, a court case and, probably, a fine. Oh, and a lot of kudos from your mates.

    When it was put in, tampering with it would have resulted in some very stern looking people taking you away in the middle of the night, asking you a lot of serious questions in a way that *really* encourages a quick answer. Oh, and your mates will never admit to having ever heard of you ever again.

    Deterrence can be just as effective as security.......

  41. Sam

    after that photo..

    If someone I cared about was on one of those trams, injured or not, I'd be looking for the little turd right now........

  42. Anna Log
    Coat

    Will they be in the stores soon?

    Universal remotes with a ' tram points ' button between ' TV ' and ' DVD ' ?

  43. Anton Channing
    Stop

    Łódź for words

    This would be the same Łódź that just paid £10,000 for a website. A website that consists of just one page. A page that consists of just one image and no actual text. Image mapped to link to a bunch of external sites. All paid for by Polish tax payers money...

    It sounds to me like Governments are just a waste of taxpayers money. Whereever you are in the world...

  44. Anonymous Coward
    Thumb Up

    Public exploit

    @nick

    "Theoretically you could (at least for some of them). Some traffic lights have sensors in them that detect when emergency service vehicles or buses approach and 'green light' them. Never seen a public exploit for it though..."

    Been done, at least once, in the US.

    <http://www.msnbc.msn.com/id/12365330/from/RSS/>

  45. Anonymous Coward
    Coat

    I see the problem

    http://miasta.gazeta.pl/lodz/51,35136,4823174.html?i=1

    he is a "hoodie" (which my mum thinks is a contraction of hoodlum, bless her)

    my hat, my coat, my gloves and my phoney dog poo!

  46. frank denton
    Boffin

    Re. Security-Careless Installation Engineers

    Did these IP addresses begin with 192. by any chance? If so those are internal network addresses.

  47. Neil

    Re: Traffic Lights

    The device you want is known as a MIRT, apparantly. Details on building one (against the law, though) are here:

    http://www.i-hacked.com/index.php?option=content&task=view&id=176

  48. steogede
    Pirate

    How unusual...

    >> "He treated it like any other schoolboy might a giant train set, but it was lucky

    >> nobody was killed. Four trams were derailed, and others had to make emergency

    >> stops that left passengers hurt. He clearly did not think about the consequences

    >> of his actions,"

    ...a fourteen year-old boy who didn't think about the consequences of his actions. I thought fourteen year-old boys are well known for thinking through their actions.

    @ Giles Jones

    >> It's do to plonkers like this kid that we have DRM and encryption.

    It's plonkers who design systems like this without thought to encryption that are the problem. Designing such a system without thought to security akin to designing such a system without thought to safety.

    It is almost as bad as bus designers who design buses which are unlockable and bus drivers who leave the keys in the ignition whilst the driver goes to buy fags whilst at a timed stop. Goodness knows how many double deckers (sometimes full of passengers) have been stolen in this manner.

  49. Jon
    Flame

    @ W @ steve

    Snopes is wrong on this... One of my college projects was using OpenCV to create a similar system, as well as personal experience with my Motorcycle and Car.

    A good majority of intersections work with Camera Vision Systems coupled with Inductive Sensors in the pavement. My small Tiburon (Coupe in the UK) was able to set off inductive sensors, but at night, I would experience problems with intersections that were purely based on camera vision triggered. I saw this 'tip' on snopes and gave it a try. I discovered that turning on my brights (not flashing) would trigger the camera recognition system.

    My motorcycle (Honda VTX 1300c) is not able to trigger most inductive systems and has a small profile that very few camera systems would pick up. I discovered tha.the "blaring the higbeam" (again, not flashing) was the only way to trigger some lights.

    The CV system works by detecting a change above a certain threshold in it's picture view. Turning on your brights createst a greater change in the picture.

    If you happen to live near Overland Park, KS, you can test what I have found at the intersection of College and Nieman in the south left turn lane on Niemen. The intersection would not pick up my bike/car without highbeams (I used to run the light on my motorcycle after sitting for 5-10 mins)

  50. Tim

    @ Nick

    AFAIK, few UK cities have those systems yet- but they rely on a transponder;

    http://www.dft.gov.uk/pgr/regional/buses/bpf/busprioritythewayahead12/busprioritythewayaheadhtmlve1073?page=8

    Presumably, a grabber is all you need. I doubt they bother with encryption either.

Page:

This topic is closed for new posts.