Taiwan Bullet Train Disruption Highlights Vulnerabilities in Global TETRA Radio Standard
A university student successfully disabled Taiwan's entire bullet train system for nearly an hour by exploiting vulnerabilities in the aging TETRA radio communication standard using low-cost, off-the-shelf hardware.

Taiwan’s high-speed bullet train network was recently brought to a standstill for nearly an hour after a university student successfully disrupted the system's communications. While initial fears pointed toward a sophisticated state-sponsored cyber-offensive, authorities confirmed the incident was the work of a lone individual using readily available, low-cost radio equipment The Register.
The attack exploited vulnerabilities within the TETRA (Terrestrial Trunked Radio) standard, a communication protocol widely used by emergency services and critical infrastructure providers globally. Despite being designed in the 1980s and 1990s to provide secure, encrypted communications, the aging standard has become increasingly susceptible to modern exploitation techniques. The attacker reportedly bypassed these legacy security measures using a laptop paired with a software-defined radio (SDR) device, specifically identified as a HackRF The Register.
The use of SDR technology represents a significant shift in the threat landscape for critical infrastructure. Unlike traditional analog radios that required specialized, fixed hardware, SDRs treat radio communications as digital data. By utilizing an analog-to-digital converter and high-speed processing, an attacker can re-engineer radio signals through software, effectively turning a portable, inexpensive device into a powerful tool for signal manipulation. The HackRF, which is open-source and widely available for less than the price of a mid-range mobile phone, allowed the student to transmit and receive across a vast frequency spectrum The Register.
The incident has raised alarms for more than 100 countries that rely on TETRA for essential services. Many of these systems remain outdated, often lacking the capability for over-the-air security updates. While vulnerability disclosures in 2023 prompted some efforts to modernize these networks, organizations frequently prioritize budget allocations elsewhere, leaving a massive, aging global infrastructure exposed to relatively simple, low-cost attacks The Register.
While North America remains largely insulated from this specific risk due to the use of the P.25 standard instead of TETRA, the incident serves as a stark reminder of the fragility of global critical infrastructure. The ease with which a student was able to disable a major transportation network highlights a systemic failure to secure legacy communication standards against modern, accessible digital tools. As SDR technology continues to democratize access to radio frequency manipulation, the threshold for causing large-scale disruption to public services continues to drop, necessitating an urgent re-evaluation of how critical infrastructure secures its communication backbones The Register.