Student Hacks Taiwan High-Speed Rail, Halts 4 Trains

Key Takeaways

- The student used software-defined radio to intercept and clone TETRA radio signals
- The railway's security parameters had not been updated in 19 years
- The attacker bypassed seven verification layers and faces up to 10 years' imprisonment

What Happened
Taiwanese police arrested a 23-year-old university student on April 28 for hacking into the country's high-speed railway communication system. The student, identified by his surname Lin, used software-defined radio (SDR) equipment to transmit a fake emergency signal that triggered automatic braking on four trains.
The incident occurred on April 5. Lin transmitted a high-priority "General Alarm" signal that mimicked legitimate railway communications. Four trains stopped for 48 minutes while operators investigated what they believed was a genuine emergency.
Taiwan High Speed Rail (THSR) serves 81.8 million passengers annually along a 350-kilometer route on the island's western coast. Trains reach speeds up to 300 km/h. The system receives state financial support due to its critical role in Taiwan's transportation infrastructure.
How the Attack Worked
Lin purchased SDR equipment online and used it to intercept TETRA (Trans-European Trunked Radio) communications from the railway network. TETRA is a digital trunked radio standard used by emergency services and transportation systems across Europe and Asia.
After capturing the radio parameters, Lin decoded them and programmed the data into handheld radios. This allowed him to impersonate legitimate railway beacons. A 21-year-old accomplice provided some critical THSR parameters that made the attack possible.
The railway's TETRA system had been in operation for 19 years. According to reports, security parameters had not been rotated during that entire period. This failure allowed Lin to bypass what should have been seven layers of verification.
How THSR Detected the Breach
After the trains stopped, THSR engineers examined system logs. They found that the emergency signal came from a radio beacon that was not assigned for duty that day. A physical check confirmed the legitimate device was still in place and had not been used.
This pointed to unauthorized cloning. THSR alerted police, who traced the transmission using CCTV footage and TETRA network logs.
Investigators tracked the signal to Lin's residence. Police seized 11 handheld radios, an SDR device, and a laptop during the arrest.

Legal Consequences
Lin faces charges under Article 184 of Taiwan's Criminal Law. The maximum penalty is 10 years' imprisonment. He was released on NT$100,000 ($3,280) bail following his April 28 arrest.
Lin's lawyer claims the April 5 transmission was accidental. Authorities have expressed skepticism about this defense, given the technical complexity required to intercept, decode, and retransmit TETRA signals.
Infrastructure Security Failures
The incident has drawn criticism from Taiwanese politicians. Some have called out the bodies responsible for railway communications for negligence. The core issue: critical security parameters remained unchanged for nearly two decades.
TETRA systems, while encrypted, rely on proper key management and parameter rotation to remain secure. Static credentials become increasingly vulnerable as hardware prices drop and SDR technology becomes more accessible. SDR equipment capable of intercepting such signals is now available for a few hundred dollars online.
This attack demonstrates a broader risk to transportation infrastructure worldwide. Many railways, metros, and emergency services still use legacy TETRA deployments. Without regular security audits and credential rotation, these systems remain exposed to similar attacks.
Frequently Asked Questions
What is TETRA and why is it used for railways?
TETRA (Trans-European Trunked Radio) is a digital radio standard designed for mission-critical communications. Railways, emergency services, and public transit systems use it for reliable, encrypted voice and data transmission. It supports group calls, emergency signaling, and priority communications.
What is software-defined radio (SDR)?
SDR uses software to process radio signals instead of dedicated hardware. This flexibility allows a single device to transmit and receive across many frequencies. SDR equipment has become affordable and accessible, making it useful for researchers, hobbyists, and, unfortunately, attackers.
Could this attack happen on other railway systems?
Potentially yes. Many transportation systems worldwide use TETRA or similar radio technologies. Systems that have not regularly rotated security parameters or audited their radio infrastructure may be vulnerable to similar interception and spoofing attacks.
How can organizations protect against this type of attack?
Regular rotation of encryption keys and authentication parameters is essential. Organizations should also monitor for unauthorized radio transmissions, conduct periodic security audits of communication systems, and implement anomaly detection for unusual signal patterns.
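The log cross-check described under "How THSR Detected the Breach" (an alarm from a beacon not assigned for duty that day) and the anomaly monitoring recommended here can be automated along the following lines. This is an added example, not code from THSR or the original article; the log format, radio IDs, site names, roster and 10-minute threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: the log format, radio IDs, site names and roster
# are hypothetical, not taken from THSR or any real TETRA product.
ROSTER = {"2030-01-15": {"R-1001", "R-1002"}}  # radios assigned for duty, per day
SAMPLE_LOG = """\
2030-01-15T09:00:02 R-1001 SITE-A REGISTER
2030-01-15T09:01:00 R-1002 SITE-B REGISTER
2030-01-15T09:03:30 R-1002 SITE-F REGISTER
garbled entry
2030-01-15T09:10:00 R-1007 SITE-C GENERAL_ALARM
2030-01-15T09:30:00 R-1001 SITE-B REGISTER
"""
MIN_GAP = timedelta(minutes=10)  # assumed minimum time for a radio to change sites

def parse(line):
    """Return (timestamp, radio, site, event), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
    except ValueError:
        return None

def analyse(log_text, roster, min_gap=MIN_GAP):
    """Flag alarms from off-roster radios and IDs seen at two sites too quickly."""
    records = sorted(r for r in map(parse, log_text.splitlines()) if r)
    findings, last_seen = [], {}
    for ts, radio, site, event in records:
        on_duty = roster.get(ts.date().isoformat(), set())
        if event == "GENERAL_ALARM" and radio not in on_duty:
            findings.append(("off_duty_alarm", radio, site, ts.isoformat()))
        prev = last_seen.get(radio)
        if prev and prev[1] != site and ts - prev[0] < min_gap:
            findings.append(("possible_clone", radio, site, ts.isoformat()))
        last_seen[radio] = (ts, site)
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG, ROSTER):
        print(finding)
```

An off-roster alarm should trigger the same physical check the article describes: confirm whether the legitimate device is still in place before treating the alarm as genuine.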
Source: BleepingComputer
Huma Shazia
Senior AI & Tech Writer