Recently, a hacker named keklick1337 claimed on a website that he had broken into the Wi-Fi network on the Sapsan high-speed rail and accessed all users’ data within 20 minutes. Russian railway experts then conducted an investigation. The hacker also said that accessing train passenger data is not difficult and takes at most 20 minutes.
“This is all set up terribly, identical passwords everywhere […] Russian Railways, fix all this. I’ll check it again in a couple of months,” keklick1337 wrote. The programmer also said he had previously found another vulnerability in a Russian Railways system, and the company responded by quietly correcting the error without rewarding him for finding it.
Afterward, representatives of the Russian Railways Department responded that the servers of the Sapsan train’s information and entertainment system did not store passengers’ personal data. Its multimedia portal only provides some Russian rail news, movies, books, music, and other entertainment content. The system does hold some information, such as the seat number associated with an individual, but this is not personal data, and according to the laws of the Russian Federation, such data will not be stored on its server for more than one day.
The department also added that its infotainment system server is not connected to the internal network of Russian Railways or to other internal control services on the train, so it will not affect other internal networks and services.