End-of-Train and Head-of-Train Remote Linking Protocol Weak Authentication Vulnerability
Vulnerability
A vulnerability exists in the End-of-Train (EoT) and Head-of-Train (HoT) remote linking protocol, which is used over radio frequency to control train operations. The vulnerability arises from weak authentication: the protocol relies on a BCH checksum for packet creation. A BCH checksum is an error-detecting code computed without any secret, so it shows that a packet was not corrupted in transit but says nothing about who sent it. An attacker can exploit this weakness by using a software-defined radio to craft EoT and HoT packets that issue brake control commands to the EoT device. Such actions could disrupt train operations or overwhelm the braking system, potentially causing a brake failure.
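Why a checksum cannot serve as authentication, shown as an added example (not code from the advisory, the AAR or any vendor). CRC-32 stands in for the BCH code, and the frame layout, key and all function names are constructed for illustration; none of them is the real EoT/HoT format.

```python
import binascii
import hashlib
import hmac
import struct

# Constructed layout (not the real EoT/HoT format): unit_id(4) | counter(4) | command(1)
def build_body(unit_id: int, counter: int, command: int) -> bytes:
    return struct.pack(">IIB", unit_id, counter, command)

def checksum_frame(body: bytes) -> bytes:
    # Keyless check value; CRC-32 stands in for the BCH code. Any sender can compute it.
    return body + struct.pack(">I", binascii.crc32(body))

def checksum_accepts(frame: bytes) -> bool:
    body, tag = frame[:-4], frame[-4:]
    return struct.pack(">I", binascii.crc32(body)) == tag

def mac_frame(key: bytes, body: bytes) -> bytes:
    # Keyed tag: only holders of the shared key can produce a value that verifies.
    return body + hmac.new(key, body, hashlib.sha256).digest()

class MacReceiver:
    """Accepts a frame only if the MAC verifies and the counter is fresh."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accepts(self, frame: bytes) -> bool:
        if len(frame) != 9 + 32:
            return False
        body, tag = frame[:9], frame[9:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        _, counter, _ = struct.unpack(">IIB", body)
        if counter <= self.last_counter:
            return False  # replayed or stale frame
        self.last_counter = counter
        return True

def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample value
    body = build_body(unit_id=12345, counter=1, command=0x01)
    rx = MacReceiver(key)
    return {
        "checksum_no_key": checksum_accepts(checksum_frame(body)),
        "mac_wrong_key": rx.accepts(mac_frame(b"some-other-key", body)),
        "mac_right_key": rx.accepts(mac_frame(key, body)),
        "mac_replay": rx.accepts(mac_frame(key, body)),
    }
```

The checksum receiver accepts a frame from a sender that holds no secret, while the keyed receiver rejects a frame made with the wrong key and rejects a repeat of a frame it has already accepted.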
Impact
Exploitation of this vulnerability could allow an attacker to send unauthorized brake control commands to an End-of-Train device, causing a sudden stop of the train. This could disrupt operations or lead to a failure of the braking system.
Remediation
The Association of American Railroads (AAR) is working on new equipment and protocols to replace traditional End-of-Train and Head-of-Train devices. Users are advised to contact their device manufacturers with questions. CISA recommends minimizing network exposure for control system devices, using firewalls to isolate control system networks from business networks, and employing secure remote access methods such as Virtual Private Networks (VPNs).
