Hacker Flags Flaw in Swiss Railway System

An anonymous hacker has raised the alarm after discovering a vulnerability impacting Switzerland’s national railway system.

The flaw allowed the hacker to gain access to personal data belonging to around 500,000 individuals who had purchased tickets to ride on Swiss Federal Railways (SFR).

After detecting a weak spot in SFR’s Swiss Card system, the hacker reported it to the Rundschau show, which airs on Swiss public television, SRF.

Information left vulnerable by the flaw included travelers’ names, dates of birth, the number of first- and second-class tickets they purchased, places of departure and final destinations.

Speaking to the Rundschau program, the hacker said that anyone could have easily viewed the data as no specialist IT knowledge was needed to exploit the flaw. 

“The sensitive data was practically public on the internet,” said the hacker. 

The security breach was reported to Switzerland’s Federal Data Protection Commissioner. 

According to Swiss news site Swiss Info, the data compromised by the hacker was never made public and has since been secured by SFR. 

The hacker said that their motivation in exploiting the flaw was to expose its existence in the hope of averting a potentially malicious cyber-attack. 


Read More: https://www.infosecurity-magazine.com/news/hacker-flags-flaw-in-swiss-railway/