Vulnerabilities in TETRA Radio System Expose Global Security Risks

"There are three little words to make the heart beat faster in anyone who knows what they mean: critical infrastructure resilience," wrote The Register in its assessment of a recent disruption that knocked Taiwan's bullet train system offline.

Taiwan's bullet train outage: a student, a radio, and a replay attack

Taiwan's entire bullet train system was disabled for nearly an hour by an unknown attacker, the article reports. The disruption was later traced not to a nation-state campaign but to a university student "with a yen for radio and some kit he bought online." According to the account, a handset transmission was decoded and then retransmitted into the network as if it were the original radio. Whether the retransmitted data already carried a General Alarm flag or had been modified before replay is not known, but the technique described is a replay attack, the same basic trick long used by criminal "code grabbers" to unlock cars with wireless keys.

TETRA radios: the standard, its reach, and aging installed bases

The two-way radio standard implicated is TETRA, used in more than 100 countries and often adopted as the encrypted successor to unencrypted FM handsets for emergency services. TETRA was developed in the 1980s and 1990s; the piece notes the acronym originally contained "Trans-Europe" and that the standard is now written as TErrestrial. While upgrades and hardening efforts have been underway — especially after "the 2023 vulnerability disclosures" — a sizeable installed base remains old, lacks over‑the‑air update capability, and is therefore costly and difficult to modernize. North America is singled out as the one region where TETRA is uncommon, and the article contrasts that with North America's P.25 standard.

Software-defined radio and the HackRF: cheap tools, broad capabilities

The story centers on the role of software‑defined radio (SDR) tools. SDR replaces fixed, analog radio hardware with three digital elements: an analog‑to‑digital converter that turns incoming signals into numbers, fast digital processing that performs the radio mathematics, and a digital‑to‑analog converter that reconstructs a waveform for transmission. The Register points to HackRF as a widely used SDR platform: low cost (it "can be picked up for less than the price of a mid‑range mobile"), open source, portable, and capable of transmitting and receiving across a very wide frequency range ("from DC to daylight"). The device and the software ecosystem make it straightforward to capture, analyze, and retransmit radio data — functions that enable replay attacks and a host of other manipulations from GPS spoofing to eavesdropping and injection.

Regulatory traces: code grabbers, Canada, and the UK

The piece notes that some countries, including Canada and the UK, have already banned devices sold as "code grabbers." Nonetheless, the article emphasizes the limits of such bans: code grabbers remain available online from suppliers in places like China, and criminal users are unlikely to be deterred by law. It adds that the UK is "thinking of extending the ban to other classes of naughty wireless" and "would doubtless like to do the same with HackRF, at least as of last week." The author argues, however, that SDRs as a class cannot be meaningfully prohibited because they are general‑purpose computing devices built from standard chips and open code.

What this means for technologists, policymakers, and transit operators

  • Technologists and security teams: Replay attacks are described as a solved problem in principle — avoid reused keys, use a large keyspace and per‑session randomness — but the article stresses that fixing embedded systems and old radios is expensive and operationally difficult. Lack of over‑the‑air update channels and legacy hardware constrains rapid remediation.
  • Policymakers and regulators: Existing bans on specialized code‑grabbing devices have limits in practice. The Register suggests regulators are considering wider prohibitions, but cautions that the underlying hardware and software are general purpose and globally available, complicating enforcement.
  • Transit operators and procurement leaders: Many public‑service organizations adopted TETRA as a secure replacement for FM radios decades ago; the piece warns that much of that installed base now requires costly upgrades or replacement to eliminate basic replay vulnerabilities.
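
The "solved in principle" point above, as an added example that is not from The Register's article and does not model TETRA's actual protocol: a receiver that accepts a fixed, reused code next to one that binds each frame to per-session randomness and a counter with an HMAC. All class names, frame fields and values are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

KEY = secrets.token_bytes(32)  # constructed shared key drawn from a large keyspace

def tag(key, session, counter, payload):
    """HMAC over session ID, counter and payload, so none can be swapped."""
    msg = session + struct.pack(">Q", counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_frame(key, session, counter, payload):
    return {"session": session, "counter": counter, "payload": payload,
            "tag": tag(key, session, counter, payload)}

class NaiveReceiver:
    """Weak design: any frame carrying the fixed, reused code is accepted."""
    def __init__(self, code):
        self.code = code
    def accept(self, frame):
        return hmac.compare_digest(frame["code"], self.code)

class HardenedReceiver:
    """Announces a fresh random session ID; requires a strictly rising counter."""
    def __init__(self, key):
        self.key = key
        self.session = secrets.token_bytes(16)  # per-session randomness
        self.last = -1
    def accept(self, frame):
        if frame["session"] != self.session:
            return False  # recorded during a different session
        expected = tag(self.key, frame["session"], frame["counter"], frame["payload"])
        if not hmac.compare_digest(expected, frame["tag"]):
            return False  # modified or forged
        if frame["counter"] <= self.last:
            return False  # already seen: a replay
        self.last = frame["counter"]
        return True

def demo():
    naive = NaiveReceiver(b"STATIC-CODE")
    old = {"code": b"STATIC-CODE", "payload": b"MSG-1"}
    naive_results = (naive.accept(old), naive.accept(dict(old)))
    rx = HardenedReceiver(KEY)
    frame = make_frame(KEY, rx.session, 0, b"MSG-1")
    first, replay = rx.accept(frame), rx.accept(dict(frame))
    tampered = dict(make_frame(KEY, rx.session, 1, b"MSG-2"), payload=b"MSG-1")
    later = HardenedReceiver(KEY)  # a new session with the same key
    return naive_results, first, replay, rx.accept(tampered), later.accept(frame)
```

The naive receiver accepts the identical frame twice; the hardened one accepts it once, then rejects the replay, the modified frame, and the same frame presented in a later session.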

The bottom line in The Register's account is stark: cheap, widely available SDR hardware plus long‑standing cryptographic shortcuts — reused or nonrandom keys and unpatchable embedded radios — create a predictable path from hobbyist tinkering to major public‑safety outages. Repairing that gap, the author argues, "will be very expensive," and failing to do so is characterized as "a gamble with infinite downside" in an era when electronic‑warfare capabilities have become dramatically cheaper and more accessible.

Original story: https://www.theregister.com/security/2026/05/11/taiwans-train-cyber-trauma-reveals-a-global-system-thats-coming-off-the-tracks/5237248