Radio Spoofing Attack Triggered Emergency Stops on Taiwan High-Speed Rail
A 23-year-old university student in Taiwan was arrested after allegedly using radio spoofing to disrupt Taiwan High Speed Rail by transmitting a false high-priority General Alarm signal over the railway’s TETRA communications system. The spoofed alert forced train drivers in the affected sector to enter manual emergency stop mode, halting three to four trains and causing delays of roughly 48 minutes to nearly an hour during the Qingming Festival travel period. Investigators said the attacker cloned or decoded radio parameters from a legitimate TETRA mobile device and generated the alarm externally rather than from any authorized railway handset.
Authorities said the suspect used software-defined radio gear, handheld radios, and other electromagnetic interference and wireless broadcasting equipment, allegedly exploiting a computer-system weakness and communication parameters that had reportedly not been rotated for 19 years. A 21-year-old alleged accomplice was reported to have supplied key Taiwan High Speed Rail parameters. Investigators traced the activity through railway network logs to the suspect’s residence, seized communications equipment, and referred the case to prosecutors; the suspect was later released on NT$100,000 bail and faces charges tied to endangering public transportation and using illegal signal-interference equipment.
How this story unfolded
4 events from the earliest known activity through the most recent confirmed update.
Radio spoofing attack triggers emergency stops on Taiwan High Speed Rail
On the final night of the Qingming Festival holiday, an attacker transmitted a false high-priority General Alarm signal on Taiwan High Speed Rail's TETRA radio network, forcing trains into emergency stop mode. Reports indicate the disruption halted three to four trains for roughly 48 minutes to nearly an hour.
THSR audits communications hardware and reports incident to investigators
After the disruption, Taiwan High Speed Rail reviewed its communications equipment, found no authorized devices missing, and concluded the alarm had been generated externally. The company reported the incident to the Railway Police Bureau and the Criminal Investigation Bureau's Telecommunications Investigation Division.
Authorities trace spoofing activity to suspects and seize radio equipment
Investigators used THSR network logs to trace the false signal activity to a 23-year-old university student's residence and identified a 21-year-old alleged accomplice who reportedly supplied key rail communication parameters. Authorities seized communications gear, including software-defined radio and related wireless equipment.
Taiwanese student questioned, arrested, and released on bail
Authorities arrested and questioned the 23-year-old suspect over the rail disruption, alleging he exploited communication-system weaknesses and used illegal signal-interference equipment. He was charged under Taiwan law, brought before the Taoyuan District Prosecutors' Office, and released on NT$100,000 bail.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
8 references tracked. Mallory keeps watching after this page renders.
Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks
theregister.com
Open sourceCollege student hacks Taiwan high-speed rail line with software defined radios, stopping four trains - 19 years without crypto key rotation ends in predictable result as hacker sails through 7 layers of protection | Tom's Hardware
tomshardware.com
Open sourceTaiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap
securityaffairs.com
Open sourceTaiwan High Speed Rail Hacked Using Radio Signal Spoofing Attack That Halted Three Trains
cybersecuritynews.com
Open sourceTaiwanese student arrested for halting high-speed trains with radio hack | brief | SC Media
scworld.com
Open sourceStudent Arrested in Taiwan for using SDR and Handheld Radios to Halt Four High Speed Trains with TETRA Hack
rtl-sdr.com
Open sourceStudent’s hack prompts THSRC review - Taipei Times
taipeitimes.com
Open source高鐵無線電遭駭凶手找到了!男大生落網下場曝光 | 生活 | Newtalk新聞
newtalk.tw
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
FCC Warning on Radio Station Hijacks via Emergency Alert System Exploitation
Malicious actors have exploited unsecured US radio transmission equipment to hijack broadcasts, injecting profanity-laden and offensive content by abusing the Emergency Alert System (EAS) tones. The Federal Communications Commission (FCC) issued a warning after a series of incidents in Texas and Virginia, where attackers targeted Barix network audio devices, reconfiguring them to stream attacker-controlled audio that included simulated or real EAS alert tones followed by explicit material. Some stations, such as HTX Media in Houston, confirmed their broadcasts were overtaken, with listeners reporting repeated emergency tones and vulgar tracks during live programming. The FCC attributed these intrusions to unsecured studio-to-transmitter links and default or weak device configurations, allowing unauthorized access to critical broadcast infrastructure. In response, the FCC published a checklist of best practices for broadcasters, urging immediate firmware updates, replacement of default passwords, network segmentation, and vigilant monitoring of equipment logs. The agency also referenced prior guidance and encouraged direct engagement with equipment manufacturers to ensure robust security measures are in place, particularly for Barix hardware commonly used in the affected systems.
Apr 8, 2026
Toronto Police Bust Vehicle-Mounted SMS Blaster Phishing Operation
Toronto Police arrested three men and laid 44 charges over an alleged **SMS blaster** operation in the Greater Toronto Area that used rogue cellular base stations mounted in vehicles to impersonate legitimate towers and push phishing texts to nearby phones. Investigators said the campaign, dubbed **Project Lighthouse**, began drawing scrutiny after suspicious activity was reported in downtown Toronto in November 2025, with searches in Markham and Hamilton later leading to the seizure of multiple custom-built blasters and other electronic devices; two suspects were arrested during the searches and a third later surrendered. Authorities said the devices forced tens of thousands of phones to connect automatically, enabling spoofed messages that appeared to come from banks, government agencies, and other trusted organizations and directing victims to fraudulent sites designed to steal credentials, passwords, and banking information. Police estimate the scheme caused roughly **13 million network disruptions** or instances of mobile network entrapment, temporarily knocking affected devices off legitimate service and potentially blocking access to **911**, and described the case as the first known detection of this type of threat in Canada while warning that conventional smishing remains an ongoing risk.
Apr 29, 2026
Fake CAPTCHA SMS Fraud and SMS Blaster Smishing Target Mobile Users
Infoblox researchers reported a long-running **International Revenue Share Fraud (IRSF)** campaign that uses fake CAPTCHA pages to trick mobile users into sending premium-rate international text messages. Victims are funneled through typosquatted telecom-themed domains, ad-network redirects, and **Traffic Distribution System (TDS)** infrastructure to scam landing pages that present bogus verification steps. Those prompts trigger JavaScript that opens the phone’s SMS app with pre-filled messages and dozens of international numbers, and a single four-step interaction can generate about **60 SMS messages to more than 50 destinations**, costing roughly **$30 or more** per session. Researchers said the operation has been active since at least 2020, uses high-fee destinations including **Azerbaijan, Egypt, and Myanmar**, and has been linked to an affiliate of a European **Click2SMS** network using infrastructure hosted on **AS15699, Adam Ecotech**. Separately, Toronto police arrested three men in what authorities described as Canada’s first criminal case involving a mobile **SMS blaster**, a rogue device that impersonates a cellular tower to push phishing texts and disrupt legitimate service. Investigators said the devices were tracked across the Greater Toronto Area after one was detected in downtown Toronto, and police seized multiple SMS blasters and related equipment. Authorities believe **tens of thousands of phones** connected to the rogue system, contributing to more than **13 million network disruptions** that may have interfered with normal mobile access and even emergency services such as **911**. The cases highlight how attackers are abusing both web lures and fake base-station hardware to scale **smishing** and mobile billing fraud.
May 1, 2026