
Image by Alexander Shustov, from Unsplash
Hackers Can Remotely Trigger Brakes on U.S. Trains
Many trains in the U.S. remain exposed to a security flaw that allows hackers to activate their brakes from a distance.
In a rush? Here are the quick facts:
- Vulnerability discovered in 2012 by researcher Neil Smith, still not fixed.
- Railroad industry ignored warnings, demanding real-life exploit proof first.
- CISA calls exploit complex, but researcher says it’s “low attack complexity.”
404 Media reports that this serious security flaw has been known for over a decade but is still not fully fixed. The flaw was first reported by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and independent researcher Neil Smith.
Smith first discovered the vulnerability in 2012. He explained that the vulnerability can be exploited through radio frequencies used between the front and back sections of a train. “All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you,” Smith told 404 Media.
Smith explained how hackers can activate the exploit using a Flipper Zero device within a 200-foot range, or an aircraft transmitter at 30,000 feet, to achieve coverage up to 150 miles.
The flaw stems from a safety system introduced in the 1980s called the End-of-Train and Head-of-Train Remote Linking Protocol (EOT/HOT), designed to improve communication on trains. Smith said, “The radio link is a commonly found [frequency-shift keying] data modem that was easy to identify,” but figuring out the meaning of the data was harder, as reported by 404 Media.
When Smith alerted the railroad industry in 2012, he says they ignored him. “The Association of American Railroads (AAR) […] would not acknowledge the vulnerability as real unless someone could demonstrate it to them in real life,” he said. AAR declined to comment on the issue.
CISA official Chris Butera revealed that rail sector stakeholders have monitored this vulnerability for more than a decade, but state that its exploitation requires physical access, advanced technical skills, and specialized equipment.
But Smith disagrees, calling CISA’s statement “overly complicated” and saying the exploit is actually “low attack complexity,” according to 404 Media.
The vulnerability remains unfixed, with industry efforts to update the system ongoing but slow. Smith criticized the railway industry’s response, saying it follows the insurance industry’s “delay, deny, defend” approach, as noted by 404 Media.