Hillbilly BBQ: Your rail networks put to use to facilitate OUR party… presented at BSidesTLV 2017

by Chris Roberts

Summary: We’ve focused on numerous forms of transportation over the years with varying degrees of success. We now turn our attention to the rail industry as a whole. The reviews here and disclosures cover everything from freight to passenger through to the intermodal systems. We take a look at the infrastructure and architecture of the rail networks, the bridges, tunnels and all other aspects from the locomotives themselves through to the communication systems and platforms. The idea is to both understand and then explore (and exploit) the various attack surfaces in a tongue-in-cheek manner to create our own trains, move them about the systems at will and eventually create a set of worst-case scenarios that would result in a set of sticky, explosive and somewhat deadly messes that the industry needs to sit up, consider and address before it’s too late. We will cover exploits without giving away code, attack vectors with detailed information both directly and within the 3rd party/vendor architectures of the entire rail system. Hopefully this will be both informational and entertaining AND provide further research ideas for others in the community to take up and explore.