US CISA warns about a critical flaw in End-of-Train and Head-of-Train systems that allows hackers to trigger emergency braking and issue unauthorized brake commands.
The vulnerability, tracked as CVE-2025-1727, affects the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train systems used in freight trains.
Exploiting the lack of encryption and authentication, attackers could send crafted radio packets to manipulate brake commands, potentially causing disruptions, brake failures, or derailments.
Despite efforts to address the flaw and replace the outdated protocol by 2027, the risk remains severe: an attacker using a $500 radio setup could remotely trigger train brake failures or derailments, posing national safety risks.