The Southern rail logo is seen on the side of a train at East Croydon station on October 18, 2016 in London, England. (Jack Taylor/Getty Images)

An alleged computer hacker has claimed all public kiosks used by UK railway operator Southern Rail are susceptible to cyberattacks, asserting the problems could be used to wreak havoc on its wider networks and even gain access to corporate information.

According to SC Magazine, the hacker, who tweets under the name @vonsenger, said the issues were first reported to Southern Rail in November last year. But as recently as this week (16 February) he posted screenshots online purporting to show the existing bug.

"The machines are clearly remotely administered which would indicate a connection is required to allow this process," the hacker said.

"The concern is that the machine not only allows privileged access but it [could be] used as a bounce point for further attacks."

He also claimed: "Given time I could install tools or access telnet to try and access deeper parts of the network or even 'footprint' the organisation. It could also allow me to install applications to create further havoc."

Yet the problem remains clear: at this point no solid data on the alleged vulnerability has been provided.

In a statement to IBTimes UK, a Southern Rail spokesperson said: "There is no personal or confidential information held on these information kiosks, which merely give access to websites allowing our passengers to plan their journeys and check other information.


"However, as a precaution, we have taken immediate steps to lock the kiosks out of use while our suppliers carry out a thorough investigation."

The hacker also claimed to SC Magazine the bugs were proof of cybersecurity negligence. When asked if the organisation was able to confirm the hacker's claim the bug was reported last year, a Govia Thameslink Railway spokesperson said: "I can't confirm this."

In an emailed statement, Alex Mathews, a security expert at vendor Positive Technologies, said it is practically impossible to tell what the impact of the alleged flaw is without accessing the terminal itself, and noted that Southern is unlikely to appreciate that approach.

Describing a hypothetical scenario, he said: "The first thing an attacker would try to establish is the level of access and what privileges they have. If they had local disk access, the worst that could happen is a failure of that kiosk or modification of the behaviour of that specific terminal.

"However, an attacker would be more interested to use such access for further cascading attacks within the network.

"Depending on the level of network access a range of theoretical possibilities exist, from impacting the whole network to compromising one targeted system that could be critical to the kiosk infrastructure.

"One thing is clear; it is not ideal and will hopefully force a reassessment of security."