technologyliberal

A Laptop, a Radio and 19 Years of Unchanged Keys

Taiwan, TaichungSunday, May 17, 2026

The Hack: Simple Tools, Staggering Impact

At 3:17 AM on April 5, a 20-year-old computer science student in Taichung, Taiwan, performed what security experts now call one of the most reckless cyber-physical attacks in modern history. Using nothing more than:

  • A laptop
  • A $30 software-defined radio (SDR)
  • A pair of hand-held radios
  • A lack of security updates dating back to 2003

...he halted four high-speed trains, each traveling at 300 km/h, by exploiting a decades-old vulnerability in Taiwan’s rail communication system.

The attack forced the entire Taiwan High Speed Rail (THSR) network to a standstill for nearly an hour, with trains braking automatically in response to a fake emergency alarm—a signal he intercepted, cloned, and rebroadcast with chilling precision.


The Flaw: A Crypto Key Untouched Since Childhood

The system in question? TETRA (Terrestrial Trunked Radio), a 1990s-era digital radio standard used by:

  • Police forces
  • Airports
  • Public transport
  • Emergency services

...in over 120 countries. Taiwan’s high-speed rail adopted TETRA when it launched in 2007—but the cryptographic keys securing its radio communications were set once, in 1999, when the student was just four years old.

And then never updated.

This oversight turned a basic security standard into an open invitation for hackers. The student didn’t need sophisticated tools—just the ability to:

  1. Sniff the unencrypted TETRA traffic using an SDR.
  2. Decode the signal on his laptop.
  3. Rebroadcast a cloned "General Alarm"—a command that triggers immediate emergency braking in all connected trains.

Police later called the method "basic"—but its consequences were anything but.

---

A Known Vulnerability—Ignored for Years

This wasn’t the first warning. In 2023, Dutch researchers at Midnight Blue exposed a backdoor in TETRA encryption, demonstrating how off-the-shelf hardware could crack the system in minutes.

The response? Silence.

Despite the alarm raised by cybersecurity experts, most TETRA operators—including those in Europe and the U.S.—took no action. Taiwan’s incident is now a case study in what happens when critical infrastructure ignores security advisories.


The Fallout: Arrest, Bail, and a Nation on Edge

The attack didn’t go unnoticed. Within hours, Taiwan’s Transportation Ministry scrambled to assess the breach, while a legislator demanded answers:

"Why did the rail company fail to report this immediately?"

The rail operator and other TETRA users are now auditing their radio security, but the damage is done. Police seized the student’s equipment:

  • Laptop
  • SDR receiver
  • Two hand-held radios
  • Two smartphones

Investigators also discovered something far more disturbing: the student had access to other public service frequencies, including:

  • A fire department channel
  • An airport radio line

He was arrested on April 28three weeks after the attack—and charged with:

  • Disrupting public transportation
  • Unauthorized interference with critical systems

His lawyer claims the breach was "accidental", but authorities found evidence of planning, including a 21-year-old accomplice who allegedly provided crucial data.

If convicted, he faces up to 10 years in prison.

---

The Bigger Threat: Legacy Systems in a Digital Age

Taiwan’s high-speed rail carries 82 million passengers annually. A real disaster was only avoided because the student halted the trains—not because the system was secure.

The lesson? The most dangerous security holes aren’t in cutting-edge software—they’re in forgotten hardware, running on protocols from the 1990s.

Even as supply-chain attacks dominate headlines, legacy systems with hardcoded flaws remain one cheap radio away from catastrophe.

Governments worldwide now face urgent pressure to: ✔ Audit and update TETRA (and similar) encryptionEnforce mandatory key rotationsPhase out unsecured legacy protocols

Because next time, the hacker might not be a reckless student—it could be a hostile actor with far deadlier intentions.


Actions