At 23:23 on April 5, four high-speed bullet trains in Taiwan slammed into emergency braking at the same time. They sat there for 48 minutes. The cause was not a fault, not a power surge, and not a guy on the tracks. It was a 23-year-old radio enthusiast in his bedroom with a software-defined radio, a laptop, and 11 handheld walkie-talkies, transmitting the highest-priority alarm the rail network can hear.
Police arrested him on April 28. He goes by the surname Lin. He is out on roughly 3,280 dollars bail. His lawyer’s defense is, and we are not making this up, that pressing the button on a TETRA-cloned emergency beacon at midnight on the dot was an accident. Taiwanese prosecutors do not seem persuaded. Lin is now facing up to 10 years under Article 184 of the Criminal Law for endangering public transport.
What Lin actually did, in plain Pudgy English
Taiwan High Speed Rail, the network connecting Taipei to Kaohsiung in 90 minutes, runs its operational radio over a system called TETRA. Think of TETRA as the encrypted walkie-talkie protocol used by emergency services, transit operators, and military comms across most of the world. It has priority levels. The highest one is called General Alarm, and when a train control radio receives a valid GA, the train is required to switch to manual emergency braking immediately. No questions, no delay.
Lin pointed an SDR filter at the network, captured live traffic, decoded the signal structure, and figured out which parameters identify a station employee sending a legitimate GA. He then loaded those same parameters into off-the-shelf handheld radios and pressed transmit. The trains, doing exactly what they were designed to do, hit the brakes. A 21-year-old accomplice reportedly handed Lin some of the critical THSR parameters that made the impersonation possible. Cops are still working out the relationship.
The total hardware seized at his place reads like the bill of materials for a community ham radio meetup, not a national infrastructure attack: 11 handhelds, one SDR, an SDR filter, a laptop, and two phones. We have written before about how cheap consumer hardware now lets one person do things that used to require a state actor, like the AI coding agent that wiped a startup database in 9 seconds. That was software. This is radio. The pattern is the same.
The 19-year crypto key that nobody rotated
Here is the part that should make every infrastructure engineer reading this go quiet. Taiwan’s high-speed rail TETRA network has been live since 2007. According to reporting on the case, the cryptographic parameters protecting the system had not been rotated in 19 years. Nineteen. The ink on the original keys is older than the kid who bypassed them.
TETRA, on paper, has seven layers of authentication and verification. Lin walked through all seven because static parameters give an attacker unlimited time to study the system. SDRs cost less than a decent set of the wired headphones Gen Z is suddenly buying again. Once you have one and the patience to read TETRA papers from 2017, the math problem reduces to homework. The seven layers were always going to fall the moment somebody bothered.
This is the dirty secret of legacy radio infrastructure. The protocol gets audited. The deployment does not. Operators provision a system, hand the master parameters to a contractor, and then nobody touches them again because the rotation procedure was never written down or, worse, requires taking the network offline. THSR has not had a hardware-side incident like this in its operating history. They went 19 years on the assumption that obscurity counted as security. It did, until April 5 at 23:23.
Why this matters outside Taiwan
TETRA is not a Taiwanese protocol. It is European, designed by ETSI, and it underpins emergency comms in roughly 120 countries. UK police use it. German fire brigades use it. Most metro systems in the EU use it. The fact that one student in his bedroom in Taipei stopped four bullet trains by replaying parameters that had not been rotated since 2007 is not a Taiwanese embarrassment, it is a global advisory note.
Researchers found documented TETRA weaknesses three years ago, the so-called TETRA:BURST family. Vendors patched some, deployments did not. The Taiwan case is the first time we know of where a civilian, not a security researcher in a controlled environment, has gone end-to-end from “I bought an SDR” to “trains stopped.” It will not be the last. Every operator running TETRA right now is, if they are competent, asking a procurement officer when their keys were last rotated. The answers are going to be uncomfortable.
It is also worth saying out loud: this is the same dynamic we keep covering in tech. Cheap, capable hardware in the hands of a hobbyist beats an institutional assumption that “no one will bother.” It is the same energy as somebody assembling a custom mechanical keyboard from scratch because off-the-shelf is not interesting enough, except instead of comparing linear and tactile switches, Lin was comparing TETRA priority codes. The hobbyist mindset is the same. The blast radius is different.
The 48 minutes nobody got hurt
One thing worth noting before this becomes a movie pitch. The TETRA General Alarm did exactly what it was supposed to do. Trains stopped safely. Passengers were inconvenienced for 48 minutes, then the trains resumed. Nobody was injured. The system had a backdoor in it that should not have been there, but the safety logic on the receiving end was sound.
If Lin had instead spoofed an “all clear” or suppressed legitimate alarms, this story would be very different and we would be writing about a tragedy instead of a fascinating heist. He chose the option that stopped trains rather than the option that crashed them. Whether that was conscience, ignorance, or the path of least resistance for a 23-year-old radio nerd, only the prosecutors will figure out.
For now, Taiwan’s National Communications Commission has ordered THSR to rotate parameters and review the deployment. Other TETRA operators around the world are quietly doing the same. The 19-year rotation streak, ended by 11 walkie-talkies and a kid who liked radios, is over. The next person to try this will not have it that easy. The person after that, somebody will. Welcome to 2026, where one bedroom hobbyist with 200 dollars of gear can stop a national rail network for the price of a museum ticket.
🐾 Visit the Pudgy Cat Shop for prints and cat-approved goodies, or find our illustrated books on Amazon.
Leave a Reply