A student with a laptop and a radio interrupted four high-speed trains. The crypto keys had remained unchanged for 19 years.

      TL;DRA A 23-year-old hacked Taiwan's high-speed rail system using a laptop and inexpensive radios, taking advantage of crypto keys that hadn't changed in 19 years.

      At 23:23 on April 5, a 23-year-old university student from Taichung sent a fake General Alarm signal into the internal radio system of the Taiwan High Speed Rail Corporation. Four trains, operating at speeds of up to 300 km/h, received this urgent emergency alert and switched to manual braking. The high-speed rail network was disrupted for 48 minutes. The hacker, identified only by his last name Lin, managed to bypass seven layers of verification using a laptop, an online-purchased software-defined radio, and several handheld radios. The cryptographic keys securing the system had remained unchanged for 19 years.

      The compromised radio system is TETRA (Terrestrial Trunked Radio), developed in the 1990s for encrypted voice and data communication and utilized by police, emergency services, airports, and transport networks in around 120 countries. The TETRA system used by THSRC dates back to the rail line's launch in 2007. Reports by Tom’s Hardware indicated that the system’s key rotation, which should have been set during installation, appears to have never been implemented. When Lin was just four years old, the keys were established, but no one updated them thereafter.

      The hacking process was relatively straightforward. Lin employed a software-defined radio, a device that uses software instead of hardware for radio components, to intercept the rail company’s radio communications. He downloaded the intercepted signals onto his laptop, decoded the TETRA parameters, and programmed these codes into handheld radios. He then sent out a copied General Alarm signal that looked like it came from a station employee, activating emergency braking procedures throughout the network. Authorities characterized the method as basic.

      This kind of vulnerability isn't new. In 2023, Dutch cybersecurity researchers at Midnight Blue revealed a deliberate backdoor in the TETRA encryption algorithm, affecting radios made by companies like Motorola, Damm, and Hytera. They discovered that the system could be compromised in under a minute using readily available hardware, enabling attackers to issue malicious commands to critical infrastructures or eavesdrop on emergency services. The TETRA system is utilized by the port of Rotterdam, various European public transport systems, the Dutch emergency services network C2000, and many similar entities in the US. Despite the findings, Midnight Blue stated that numerous critical infrastructure operators did not respond to their alerts.

      Taiwan's situation illustrates the consequences of ignoring these warnings. RTL-SDR, a publication that has monitored TETRA vulnerabilities for years, speculates that THSRC might have been using the outdated TETRA encryption algorithm TEA1. However, the more likely explanation is simply that key rotation was never set up at all.

      The political repercussions have been swift. Democratic Progressive Party legislator Ho Shin-chun brought up the incident during a state Transportation Committee meeting. “If a college student could hack a system as complex as the high-speed rail system, what could happen with the Taiwan Railway Corp's system?” she posed. When she inquired whether the Taiwan Transportation Safety Board had been notified, the board confirmed it had not been alerted.

      The Ministry of Transportation and Communications has promised to submit a report within a month on enhancing railway communication security. Both THSRC and the Taiwan Railway Corp have begun reassessing their radio system security, and the Railway Bureau has directed metro operators to perform similar evaluations. Police confiscated 11 handheld radios, an SDR receiver, a laptop, and two smartphones from Lin's home. They also discovered that he could listen in on the New Taipei City Fire Department and the Taoyuan International Airport MRT Line frequencies.

      Lin was arrested on April 28, more than three weeks after the event. His lawyer contended that the transmission was unintentional, stating, “I had [the radio] in my pocket and accidentally pressed the button.” Authorities found this defense unpersuasive, especially given the amount of specialized equipment recovered and evidence indicating that a 21-year-old accomplice shared vital THSRC parameters with Lin. Lin was released on bail set at NT$100,000 (about $3,200) and faces charges under Article 184 of the Criminal Law, which carries a maximum penalty of 10 years.

      The broader context involves a global transport infrastructure that has not kept pace with the risks posed to it. While software supply chain attacks have been at the forefront of cybersecurity discussions in 2026, the Taiwan incident serves as a reminder that some of the most significant vulnerabilities lie not in software, but in outdated radio systems installed two decades ago that were never updated, secured by cryptographic keys unchanged since the Bush administration, and functioning on a protocol whose weaknesses have been well-documented for years.

      This trend is evident across technological sectors: the area that poses the greatest risk often receives the least attention, particularly legacy