Whilst its not uncommon for vulnerabilities to be known for a long time without being fixed, this is one that sounds like it should be fixed.
It is noted that the vulnerability hasn't supposedly ever been exploited in real life.
Apart from a targeted attack on multiple trains it does sound like this attacks likelihood is fairly low.
java-man•6mo ago
Until it becomes a part of another, more spectacular and devastating attack.
NoPicklez•6mo ago
There's always a worst case scenario with vulnerabilities, likelihood and consequence becomes a fairly important metric to measure the risk. However the fact that you don't need to be "near" the train to do it makes it all the more opportunistic.
Perhaps if the USA were at war within another bordering nation who had physical access then it might be higher risk. But the trains are within the US with no bordering nations at much risk of doing anything on each other.
I'm not saying the people at the top aren't wrong, but we live in a world of differing priorities.
rurban•6mo ago
Ha, I was once tasked to do this for Russian trains. Thing is that they often loose the rear ends somewhere, and don't recognize it. They might be kilometers long. You need to able to detect that, and then optionally issue a break to the end. Of the course the message protocol needs to secure.
persolb•6mo ago
This isn’t how US trains work though. There is literally an air pipe from end to end. It leaking air is how the brakes are normally applied.
The system with the vuln is just an overlay.
rurban•6mo ago
Ah, so our system was much better. We used GPS. But the Russians never ordered it.
NoPicklez•6mo ago
It is noted that the vulnerability hasn't supposedly ever been exploited in real life.
Apart from a targeted attack on multiple trains it does sound like this attacks likelihood is fairly low.
java-man•6mo ago
NoPicklez•6mo ago
Perhaps if the USA were at war within another bordering nation who had physical access then it might be higher risk. But the trains are within the US with no bordering nations at much risk of doing anything on each other.
I'm not saying the people at the top aren't wrong, but we live in a world of differing priorities.