A Laptop, a Radio and 19 Years of Unchanged Keys

At night on April 5, a young student in Taichung managed to halt four high‑speed trains that were traveling at up to 300 km/h. He did it with a laptop, a cheap software‑defined radio and a few hand‑held radios. The key that protected the trains’ internal radio system had not been changed in 19 years, allowing him to send a fake emergency alarm that made the trains brake hard. The whole rail network was stopped for almost an hour. The system in question is TETRA, a radio standard that started in the 1990s and is used by police, airports and public transport in about 120 countries. Taiwan’s high‑speed rail began using TETRA when the line opened in 2007, but the cryptographic keys that keep the system secure were set once when the student was four and never updated. That oversight made it possible for the attacker to copy the alarm signal. The attack was simple: he intercepted the radio traffic with his software‑defined radio, decoded it on his laptop and then re‑broadcasted a cloned “General Alarm” from a hand‑held radio. Police described the method as basic, but it had a serious impact because the trains responded automatically to that alarm. This vulnerability is not new. In 2023, Dutch researchers found a backdoor in the TETRA encryption that could be broken with off‑the‑shelf hardware. Many critical services in Europe and the US use TETRA, yet most operators ignored the warning. Taiwan’s incident shows what can happen when those alerts are not acted upon.

The fallout was swift politically. A legislator asked why the rail company hadn’t reported the breach, and the Transportation Ministry promised a report on how to harden railway communications. The rail company and other operators are now reviewing their radio security. Police seized the student’s equipment: a laptop, an SDR receiver, hand‑held radios and two phones. They also found that he could listen to other public services’ frequencies, including a fire department and an airport line. He was arrested on April 28, more than three weeks after the incident. His lawyer said it was accidental, but authorities saw evidence of planning and a 21‑year‑old accomplice who supplied key data. He was released on bail and faces up to ten years in prison. The larger lesson is that many infrastructures still rely on old radio systems whose keys are never updated. Even as software supply‑chain attacks dominate headlines, the most dangerous holes may be in legacy hardware that never gets a security patch. The high‑speed rail carries almost 82 million passengers each year, and the same flaw could have caused a disaster if not discovered. The government now faces pressure to fix this issue before another cheap device can exploit it again.

Actions