Locomotive and rolling stock manufacturer Newag was caught bricking trains that were serviced by third parties.
Specifically, the locomotives "phoned home" with their location, not an uncommon feature in the railroad world, and if they determined that a locomotive had spent more than a few days at a non-Newag repair facility, they would send a signal to render the engine inoperative:
An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer.
Members of an ethical hacking group called Dragon Sector, including Sergiusz Bazański and Michał Kowalczyk, were called upon by a train repair shop, Serwis Pojazdów Szynowych (SPS), to analyze train software in June 2022. SPS was desperate to figure out what was causing "mysterious failures" that shut down several vehicles owned by Polish train operator the Lower Silesian Railway, Polish infrastructure trade publication Rynek Kolejowy reported. At that point, the shortage of trains had already become "a serious problem" for carriers and passengers, as fewer available cars meant shorter trains and reduced rider capacity, Rynek Kolejowy reported.
Dragon Sector spent two months analyzing the software, finding that "the manufacturer's interference" led to "forced failures and to the fact that the trains did not start," and concluding that bricking the trains "was a deliberate action on Newag's part."
According to Dragon Sector, Newag entered code into the control systems of Impuls trains to stop them from operating if a GPS tracker indicated that the train was parked for several days at an independent repair shop.
The trains "were given the logic that they would not move if they were parked in a specific location in Poland, and these locations were the service hall of SPS and the halls of other similar companies in the industry," Dragon Sector's team alleged. "Even one of the SPS halls, which was still under construction, was included."
The code also allegedly bricked the train if "certain components had been replaced without a manufacturer-approved serial number," 404 Media reported.
In a statement, Newag denied developing any so-called "workshop-detection" software that caused "intentional failures" and threatened to sue Dragon Sector for slander and for violating hacking laws.
Ah yes, legal threats when caught sabotaging your own product.
In our digital world, you don't even own a locomotive.
………
Dragon Sector got the trains running after discovering "an undocumented ‘unlock code’ which you could enter from the train driver’s panel which magically fixed the issue," Dragon Sector's team told 404 Media.
Newag has maintained that it has never and will never "introduce into the software of our trains any solutions that lead to intentional failures."
Yeah, that's why there is a fucking cheat code to override. Not suspicious at all.
404 Media noted that Newag appeared to be following a common playbook in the right-to-repair world where manufacturers intimidate competitor repair shops with threatened lawsuits and unsubstantiated claims about safety risks of third-party repairs. So far, Dragon Sector does not appear intimidated, posting its success on YouTube and discussing its findings at Poland’s Oh My H@ck conference in Warsaw. The group is also planning "a more detailed presentation" for the 37th Chaos Communication Congress in Hamburg, Germany, at the end of December, The Register reported.
We really need to start prosecuting people who do this, and I mean people, not corporations, and put them in jail.
This is extortion and fraud, pure and simple.