Polish Trains were equipped with automatic killswitch by manufacturer Newag
Polish Trains were equipped with automatic killswitch by manufacturer Newag
Attached: 1 image I can finally reveal some research I've been involved with over the past year or so. We (@redford@infosec.exchange, @mrtick@infosec.exchange and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced a...
A polish hacker found out why trains did stop working. The manufacterer implemented a hidden electronic switch, which automatically activated after trains were serviced by a different company.
the PLC code actually contained logic that would lock up the train with bogus error codes after some date
I hope they sue the manufacturer.
Manufacture should be charged with public engagement or similar.
An unexpected dead train on a track, emitting bogus codes that possibly confuse rail systems (thus resulting in other trains not being properly warned) could result in a lot of harm. Managers and executives found to be responsible for the team that implemented it should be hit hardest
Didn't know John Deere made trains
Can we now finally say that drm sucks and any/all attempts to override it are reasonable because it’s broken by design?
Poland finally famous for something new ❤️
Oh yeah, absolutely nothing to do with trains the last time.
Well, I beg to differ
Yeah manufacturers are getting out of hand with this kind of shit.
Machines are being made now to be unserviceable except with the manufacturer attending.
except with the manufacturer attending
And charging an exorbiant fee
Yeah and pay their techs pretty average too. At least who i work for does.
But get to be at the forfront of technology
Sounds so legal that I'm sure its a plotpoint in a The Boys episode
This is Polska. Law is fluid here.
But genders are not.
The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.
So, it sounds like this remote lock is speculation, so I'm not gonna say that this is actually the case here, and I don't know how trustworthy the source here is.
But, speaking in general: an additional problem with sticking back doors in products is that someone else may discover them and exploit them, and the uses to which they may put them may be considerably less-pleasant than whatever the purpose that the manufacturer had in sticking them in.
Just earlier this year, we had articles about this incident with Polish trains. That wasn't a back door in that it wasn't particularly hidden, but it was a way to do remote radio control of Polish trains, and sure enough, when someone who wanted to create trouble with it discovered it, it got used to cause problems for Polish train operators.
https://www.wired.com/story/poland-train-radio-stop-attack/
The Cheap Radio Hack That Disrupted Poland’s Railway System
The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.
It wasn't a back door, it was a safety feature working as designed. IIRC it didn't have any modern security implemented, because it's very old.
Also, the link from the OP doesn't mention that, but the trains in this story had locations of competitors' repair centers coded in, and were apparently set to auto-lock if they detected sitting in one for more than 10 days...
So, locking out repairs for anything they would have to order parts for.
I'm guessing that they're using some sort of custom size for their bolts and tolerances in the train. The competitors likely have the standard sizing for parts on hand, and any custom part would need to be ordered in. Likely from the same supplier.
Since they know their supplier's order return timing, they can set up the kill switch when they know that the train will be sitting in a yard awaiting parts.
Scummy as fuck.
Goddamn that's malicious
Newag S.A. [pronounced: nevag] is a Polish company, based in Nowy Sącz, specialising in the production, maintenance, and modernisation of railway rolling stock. The company's products include the 14WE, 19WE, 35WE types electric multiple units; it has also developed the Nevelo tram.[2]
Somehow this is the worst bit -- a Polish company fucks the Polish state railway operator because of greed. If they'd done this in another country, there might have been some international repercussions etc. but they opted to burn their name in their own home country. This being found by random hackers is actually the best way for Newag for this affair to become public. This could have been so much worse.
Yup instead of the "I guess that third party repair really fucked up huh"
These guys are getting super [brazen]. Is this contract with the Polish state? or private?
BMW and Mercedes: "write that down!!"
I hope they develop a hidden switch to deactivate Newag.
Permanently Deleted
Is that guy in the thumbnail trying to tell that train which way to go?