I doubt this affects anybody here, but it's a good illustration of why "right to repair" is so important and what lengths manufacturers will go to to keep ownership of maintenance and repairs. But I'm mostly sharing it because it's fucking wild.
Here are links to a couple articles about it:
Dieselgate, but for trains – some heavyweight hardware hacking
[this is an English translation of the original article in Polish, we occasionally publish the best cyber stories from Poland in English] A train manufactured by a Polish company suddenly broke down during maintenance. The experts
badcyber.com
Trains were designed to break down after third-party repairs, hackers find
The train manufacturer accused the hackers of slander.
arstechnica.com
The first one goes into how this was discovered, and the second one is the train manufacturer insisting they did nothing wrong with increasingly outlandish excuses. I recommend you read them both for their entertainment value, but the short version is this:
- Train operator buys trains from Newag
- SPS wins the contract to do maintenance because they bid considerably lower than Newag
- When the trains hit a million km, they must go through an extensive maintenance process which requires disassembling the entire train
- After this process, the trains would refuse to move
- SPS cannot find any explanation for it. They get a working train to try pulling the non-working ones, and that one suddenly quits working too despite them having done nothing to it
- SPS is about to lose the contract and grasps for straws and hires a software hacking company Dragon Sector to investigate
- DS finds code which bricks the trains after it spends ten days at a third party repair shop
- They also find an unlock code which involves clicking in specific ways on the user interface, which magically gets the trains moving again
- DS finds a hidden modem in the trains
- When knowledge of the unlock code hit the media, Newag remotely patched it out
- Newag claims they have nothing to do with any of this, they will sue DS, and the hackers have violated many unspecified laws and made the trains unsafe, so the trains should be removed from service
- Newag says maybe the third party repair shop added the malicious code, so therefore Newag should be used for future maintenance
- A government official says Newag contacted him and said the malicious code was "unintentional" and they are "victims of cyber criminals"