Maybe you thought we were being paranoid about security in our post last Thursday about Boeing’s unholy union of user Internet access with networks for control and navigation aboard the new 787 Dreamliner. Nobody could really hack one of these networks, now could they?
As if presaging things to come, a teenager in Łódź, Poland managed to hack the infrared controls of the local tram system and rewired a TV remote control to issue commands to modify track settings. He then proceeded to play with the tram system “like any other schoolboy might a giant train set,” switching track points at will and causing derailments that resulted in twelve injuries. Fortunately, no one was killed.
Teachers describe the 14-year-old as ‘a model pupil and an electronics “genius”‘, but I don’t think this prank owes as much to genius as it does to stupidity. Once again we encounter a control system, responsible for passenger safety, in which considerations for security have been grossly ignored.
The teen supposedly trespassed at tram depots in order to gather information and equipment that he used in building his infrared control. So first of all, who was watching the depot? It might have been just as easy for someone to plant an explosive on a tram.
Second, how could a system like this use IR for controlling track points? What were they thinking?
Admittedly, the computer networks aboard the Boeing 787 are probably much less hackable than the aging chewing-gum-and-baling-wire infrared tram controls of a Polish municipality’s tram system. But the lesson remains the same: if a system can be cracked, it probably will be. Where public safety is involved, don’t assume that no one will bother.