A student with a laptop and a radio stopped four high-speed trains. The crypto keys hadn't been changed in 19 years.

TL;DRA 23-year-old hacked Taiwan’s high-speed rail with a laptop and cheap radios, exploiting crypto keys unchanged for 19 years.

At 23:23 on 5 April, a 23-year-old university student in Taichung transmitted a falsified General Alarm signal into the Taiwan High Speed Rail Corporation’s internal radio system. Four trains travelling at up to 300 km/h received the highest-priority emergency alert and switched to manual braking. The entire high-speed rail network was disrupted for 48 minutes. The student, identified only by his surname Lin, had cracked through seven layers of verification using a laptop, a software-defined radio he bought online, and a handful of handheld radios. The cryptographic keys protecting the system had not been changed in 19 years.

The radio system Lin compromised is TETRA (Terrestrial Trunked Radio), a standard developed in the 1990s for encrypted voice and data communication, used by police, emergency services, airports, and transport networks in approximately 120 countries. THSRC’s TETRA deployment dates to the rail line’s opening in 2007. According to Tom’s Hardware, the system’s cryptographic key rotation, which needs to be configured and scheduled at installation, appears never to have been implemented. When Lin was four years old, someone set the keys. Nobody changed them.