A student equipped with a laptop and a radio interrupted four high-speed trains. The crypto keys had remained unchanged for 19 years.

      A 23-year-old university student managed to hack Taiwan’s high-speed rail using a laptop and inexpensive radios, taking advantage of cryptographic keys that had not been updated for 19 years. At 23:23 on April 5, the student, known only by the surname Lin, sent a false General Alarm signal into the internal radio system of the Taiwan High Speed Rail Corporation, causing four trains traveling at speeds of up to 300 km/h to receive the emergency alert and switch to manual braking. This led to a 48-minute disruption of the entire high-speed rail network. Lin bypassed seven layers of security with a laptop, a software-defined radio purchased online, and several handheld radios.

      The compromised system is TETRA (Terrestrial Trunked Radio), developed in the 1990s for encrypted communication, and is used by police, emergency services, and transport networks in around 120 countries. The TETRA system in Taiwan dates back to the rail line's launch in 2007. According to Tom's Hardware, there appears to have been no key rotation implemented since the system's installation, which should have been configured at that time. The cryptographic keys were set when Lin was just four years old and have remained unchanged since.

      The method of attack was straightforward. Lin utilized a software-defined radio to intercept the THSRC’s radio communications. He saved the intercepted signals on his laptop, decoded the TETRA parameters, and used those codes to program handheld radios. He then broadcast a cloned General Alarm signal that seemed to come from a station employee, instigating emergency braking procedures throughout the network. Police described his technique as basic.

      The vulnerability at the core of this incident is not new. In 2023, Dutch cybersecurity researchers revealed a deliberate backdoor in the TETRA encryption algorithm, affecting devices made by manufacturers such as Motorola and Hytera. They indicated that the system could be compromised in less than a minute with off-the-shelf hardware, potentially enabling attackers to issue harmful commands to critical infrastructure or listen in on emergency services. Numerous European public transport systems and important critical infrastructures in the U.S. also use TETRA. Despite the disclosure, many critical infrastructure operators failed to heed the warnings.

      Taiwan’s incident illustrates the risks of ignoring such alerts. RTL-SDR, a publication focusing on TETRA vulnerabilities, speculates that THSRC’s system might have been using the outdated and insecure TEA1 encryption algorithm. However, it seems more plausible that proper key rotation was never established.

      The political ramifications have been immediate. Legislator Ho Shin-chun raised the issue during a Transportation Committee meeting, questioning the safety of the Taiwan Railway Corporation’s system if a college student could breach the high-speed rail system. When she inquired if the Taiwan Transportation Safety Board had been informed, they stated they hadn’t received any notice.

      The Ministry of Transportation and Communications has promised to produce a report within a month to enhance railway communication security. Both THSRC and Taiwan Railway Corp are reviewing their radio system security, and metro operators have been instructed to perform similar reviews. Police confiscated 11 handheld radios, a software-defined radio, a laptop, and two smartphones from Lin's home, discovering he had access to the radio frequencies of the New Taipei City Fire Department and the Taoyuan International Airport MRT Line.

      Lin was apprehended on April 28, over three weeks after the incident. His attorney argued the transmission was accidental: “I had [the radio] in my pocket and accidentally pressed the button.” Authorities found this explanation unconvincing, especially considering the amount of specialized equipment seized and evidence indicating a 21-year-old accomplice provided Lin with critical THSRC parameters. Lin was released on NT$100,000 bail (about $3,200) and faces charges under Article 184 of the Criminal Law, potentially leading to a 10-year sentence.

      The larger context reveals a global transport infrastructure that has failed to evolve alongside the tools that could compromise it. While software supply chain attacks have been prominent in cybersecurity discussions in 2026, the Taiwan situation highlights that significant vulnerabilities can stem from outdated systems rather than software flaws. These legacy radio systems, installed two decades prior and never updated, rely on cryptographic keys set during the Bush administration, and their weaknesses have been known for years.

      This pattern is prevalent across technology sectors: the most critical attack surfaces often receive the least attention, with security resources diverted to newer, more trendy threats. Lin's equipment was less expensive than a mid-range smartphone, but the potential damage could have been severe.

      THSRC serves 81.8 million passengers each year, with trains operating at 300 km/h. The system designed to safeguard those passengers from a fake emergency braking signal relied on cryptographic keys that hadn’t been altered since Lin was in preschool. Whether measures to rectify this issue will be implemented before another individual with a laptop and a radio attempts the same exploit is a pressing question