Taiwan High-Speed Rail Disrupted by Radio Signal Spoofing Attack
A 23-year-old train enthusiast disrupted Taiwan's high-speed rail network by spoofing emergency radio signals, highlighting persistent security vulnerabilities in critical infrastructure communication protocols.
On April 5, a 23-year-old individual successfully disrupted Taiwan High Speed Rail (THSR) operations by spoofing a general alarm (GA) signal, forcing three high-speed trains to perform emergency stops and causing a 48-minute service delay Dark Reading. The perpetrator utilized a software-defined radio (SDR) setup and hardware purchased online to inject the false emergency alert into the railway's communications network Dark Reading.
The incident centered on the exploitation of the Terrestrial Trunked Radio (TETRA) protocol, a standard widely used for critical communications in emergency services, military, and industrial sectors Dark Reading. While TETRA is capable of high security, experts suggest the THSR network may have been running an insecure configuration Dark Reading. According to Wouter Bokslag of Midnight Blue, the compromise likely involved the injection of a voice or text-based emergency command, a feat made possible because the network lacked the necessary hardening, such as robust authentication and key rotation Dark Reading.
Cybersecurity researchers note that this incident represents a more sophisticated evolution of previous rail-based radio attacks. Unlike the 2023 incidents in Poland, where attackers used simple analog tones to trigger emergency stops, the Taiwan attack required the perpetrator to understand the specific operational environment and successfully clone or extract the parameters needed to inject a valid alarm Dark Reading. This highlights a critical vulnerability: communication protocols only provide resilience if security features like terminal control and anomaly detection are strictly enforced Dark Reading.
The broader rail sector remains a high-profile target for electronic spoofing and cyber interference. In July 2025, CISA issued a warning regarding vulnerabilities in US rail systems that could allow attackers to spoof communications between end-of-train and head-of-train devices, potentially leading to unauthorized stops or derailments Dark Reading. Furthermore, researchers at Midnight Blue have previously identified significant flaws in TETRA implementations that effectively created low-security backdoors, prompting the European Telecommunications Standards Institute (ETSI) to release security algorithms for public scrutiny Dark Reading.
While the release of these algorithms aims to improve long-term security through transparency, it also provides attackers with the blueprints to analyze and exploit these systems Dark Reading. As railway operators face the dual challenge of maintaining reliable legacy infrastructure and securing modern digital communications, the incident in Taiwan serves as a stark reminder of the risks posed by improperly configured critical infrastructure protocols Dark Reading.