We're calling it 2-way hacking because a security researcher reports using a train's public Wi-Fi network to hack forward and back.
He used train Wi-Fi to hack forward into train system controls. That's right, he jumped from Wi-Fi to train controls, successfully.
And he used the train Wi-Fi to hack backward into second class, where passengers had to pay for Wi-Fi. You guessed it, he could access their credit card numbers.
HelpNet Security reports:
"Setting up a Wi-Fi network for passengers to use is practically a must for railway companies these days. Unfortunately, that welcome add-on for travelers can become a means for attackers to gain access to other networks and systems.
To those skeptical about these possibility, Pen Test Partners researcher Ken Munro shared the results of his colleagues’ most recent pentesting efforts.
In both exercises, there was an exploitable lack of segregation between the passenger and the staff and train control networks, allowing them to interfere with the latter."
