Hackers could manipulate train brakes via radio signals, according to federal warnings.
The End-of-Train (EoT) and Head-of-Train (HoT) system vulnerability, identified by researchers Neil Smith and Eric Reuter, continues to pose a significant threat to the safety and security of U.S. rail systems as of July 2025. This vulnerability, designated as **CVE-2025-1727**, is rooted in the system's weak authentication in the remote linking protocol, making it possible for an attacker to send unauthorized brake control commands via radio frequency, potentially causing disruptive train stoppages or even derailments[1][2][3].
This vulnerability has been a concern for rail stakeholders for over a decade, but practical fixes have not yet been fully implemented. The system's simplicity, using a basic BCH checksum and no encryption or strong authentication, makes it relatively easy to exploit with inexpensive technology like software-defined radios[1][2][3].
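Why a checksum is not authentication, shown as an added example that is not code from the advisory, the researchers, or any rail vendor: a receiver that checks only a keyless checksum accepts a well-formed frame from any sender, while a keyed MAC with a message counter rejects frames from senders without the key and rejects repeats. The frame layout, field names, key, CRC-32 (standing in for the BCH checksum) and the HMAC-plus-counter design are all assumptions chosen for illustration; they are not the EoT/HoT format or the protocol the AAR selected.

```python
import hashlib
import hmac
import struct
import zlib

# Hypothetical frame layout (constructed for illustration, not the EoT/HoT format):
# unit_id (uint32) | counter (uint32) | command (uint8) | trailer
HEADER = struct.Struct(">IIB")
KEY = b"constructed-demo-key"  # assumed pre-shared key, sample value only


def frame_checksum(unit_id, counter, command):
    """Legacy style: keyless checksum trailer (CRC-32 standing in for BCH)."""
    body = HEADER.pack(unit_id, counter, command)
    return body + struct.pack(">I", zlib.crc32(body))


def accept_checksum(frame):
    """Accepts any frame whose checksum matches; proves nothing about the sender."""
    body, trailer = frame[:HEADER.size], frame[HEADER.size:]
    return len(trailer) == 4 and struct.unpack(">I", trailer)[0] == zlib.crc32(body)


def frame_hmac(key, unit_id, counter, command):
    """Authenticated style: HMAC-SHA256 trailer computed with a shared key."""
    body = HEADER.pack(unit_id, counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AuthReceiver:
    """Verifies the HMAC tag and requires a strictly increasing counter."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def accept(self, frame):
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        if len(body) != HEADER.size:
            return False  # truncated frame
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # sender does not hold the key
        _, counter, _ = HEADER.unpack(body)
        if counter <= self.last_counter:
            return False  # repeated or stale frame
        self.last_counter = counter
        return True
```

The checksum still has a job in such a design, which is catching transmission errors; the keyed tag is what ties a frame to a sender that holds the key.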
The Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories, warning about the high-severity risk (CVSS v3 score 8.1) and urging railroads to adopt defensive measures to mitigate attacks. CISA emphasizes the seriousness of the threat to rail operational safety and security[1][3][4].
The Association of American Railroads (AAR) is actively addressing the issue. It is developing new equipment and updated communication protocols designed to replace the vulnerable legacy systems. The AAR selected a new protocol in May 2025 and is working towards next-generation EoT devices that incorporate secure authentication and improved reliability[1][3][4].
However, the deployment of these next-generation systems is not expected until 2027 at the earliest, leaving a window during which the legacy systems remain at risk. In the meantime, the AAR is collaborating with CISA and the Department of Homeland Security to identify vulnerabilities and develop mitigation strategies aimed at hardening rail infrastructure against cyberattacks[1][4].
In summary:
- The **EoT/HoT vulnerability is actively tracked but remains unpatched in operational systems** due to industry-wide complexity and the slow pace of hardware replacement.
- **CISA has issued public warnings and recommended defensive steps.**
- **AAR is developing and selecting new secure protocols and hardware** but full deployment will take at least until 2027.
- Ongoing cooperation between federal agencies and industry aims to enhance rail cybersecurity resilience in the meantime[1][3][4].
This situation reflects a critical ongoing cybersecurity challenge in rail operations, one that has drawn significant attention but whose resolution is delayed. Chris Butera, Acting Executive Assistant Director for Cybersecurity at CISA, downplayed current risks stemming from the EoT's vulnerabilities in a statement to Gizmodo. However, the potential consequences of exploiting this vulnerability, including derailments and shutdowns of entire national railway systems, underscore the importance of addressing this issue promptly.
[1] https://www.cisa.gov/uscert/ncas/alerts/aa25-331a

[2] https://www.cisa.gov/uscert/ncas/alerts/aa25-331b

[3] https://www.cisa.gov/uscert/ncas/alerts/aa25-331c

[4] https://www.cisa.gov/uscert/ncas/alerts/aa25-331d
- A vulnerability in the End-of-Train (EoT) and Head-of-Train (HoT) system used in U.S. rail systems, designated CVE-2025-1727, continues to pose a significant threat: weak authentication in the remote linking protocol leaves it open to cyberattacks.
- The Association of American Railroads (AAR) is focusing on the issue by developing new equipment and updated communication protocols, targeting secure authentication and improved reliability in the next-generation EoT devices.
- While these new systems are being implemented, the existing legacy systems remain susceptible, leaving a window for potential cybersecurity threats and making public-transit safety and transportation a critical concern.
- Although the Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories warning of the high-severity risk and urging railroads to adopt defensive measures, the deployment of next-generation systems is not expected until 2027 at the earliest.
- Addressing this technology challenge promptly is important: potential consequences such as derailments and shutdowns of national railway systems could have significant financial and public-safety implications, illustrating the intersection of technology, finance, and cybersecurity in the rail industry.