The Russian Railways information system got hacked in 20 minutes
Russian Railways specialists will conduct an investigation after a Habr user stated that he had hacked the Wi-Fi network during a trip on the Sapsan high-speed train and gained access to the data of all its users in 20 minutes. According to the company, the hacked network contained no personal data, only entertainment content.
On Friday, November 15, Habr.com user keklick1337 was returning to Moscow from Saint Petersburg, where he had attended the ZeroNights information security conference. The programmer became bored and decided to check the reliability of the Wi-Fi, and he easily gained access to the hidden data of Russian Railways. He noted that “the same passwords and free security certificates are used everywhere, and the data is stored in text documents.”
“It is not difficult to access the data of the passengers of the train and it takes at most 20 minutes,” noted the author of the post.
“The server of the information and entertainment system of Sapsan trains does not store personal data of passengers. The multimedia portal provides information and entertainment content: news of Russian Railways, movies, books, music and other information,” said the representative of Russian Railways.
According to the spokesman, to authorize in the system a user needs to enter only the last four characters of the document used to buy the ticket, as well as the rail car and seat number. These data are not personal and, in accordance with the current legislation of the Russian Federation, are stored on the server for no more than one day.
“The infotainment system server is not connected to the internal network of Russian Railways or other internal control services on the train, it is designed exclusively for entertainment and information topics and does not store any confidential customer data,” added the company.
Russian Railways plans to conduct a technical investigation into the hacking of the Sapsan train system.
Earlier, E Hacking News reported that the personal data of 703 thousand employees of Russian Railways, from the CEO to the drivers, were publicly available.