Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them
Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them
After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.
In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.
After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.
The person is doing a talk about it in hamburg, germany (37c3) next week. Its on my to watch list because that sounds hella interresting.
Edit : 37c3 list of talks : https://halfnarp.events.ccc.de/#dec115da17562cebafa9ba7a150a4fc607c25c880c03593dcc8da6087c9441a4
I wonder if they were taking notes from John Deere and the automotive industry or will it be the reverse here soon?
Just imagine all these vehicles that could be bricked for not going back to the stealerships for outrageous prices on parts and incompetent service.
Also the vehicles that could be disabled for not paying for device protection plan that allows your vehicle to operate safely. It would be a shame if your vehicle stopped working on your way to work or the hospital.
I suspect Tesla, BMW, and John Deere are the closest to this reality.
I sure hope the government doesn't help with another great cash for clunkers national program to get rid of more cars too old for these measures. Sure is a great way to drive new car sales though...
SPS became desperate and Googled “Polish hackers” and came across a group called Dragon Sector, a reverse-engineering team made up of white hat hackers.
Hilarious. I hope 404 continues with this level of high quality journalism.
Dragon sector, who they hired, is a security capture the flag team.
Edit: Socials of those who worked on it
https://social.hackerspace.pl/@q3k
https://infosec.exchange/@mrtick
https://infosec.exchange/@redfordhttps://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/ link for very detailed description of this story, highly recommend the read!
I like how, instead of recognizing that they got caught, now the train manufacturer is claiming this is some kind of dark PR strategy.
If it is, then please show the public that it's a dark PR strategy by explaining the hidden unlock codes and the DRM code!
If they required the trains to be serviced by manufacturer they should have written it into a mandatory service contract at time of sales.
If anybody wants to know more, they can watch it here https://www.youtube.com/watch?v=w8NqBXT6Kos
Spewing bs about how they can't guarantee the safety and other outrageous shit pouring out their mouths as they provide clearly practiced lawyerspeak to squeeze money from public service into their owners pockets which will then be invested probably in war and killing children for profit.
But let's discuss ethics and shit! Fuck faces need to be brought to moral justice for the evil they commit every day of their brainwashed miserable hateful lives where they pretend to not harm people because they don't do it themselves but via money grabbing schemes. One day all of this shit will seem to be as stupid as hitting kids are these days
Every time I read about this kerfuffle, I am astounded by the sheer stupidity of the manufacturer. Even if they may be technically in the right here(I don't know, since the contracts they have with the operator aren't public), they effectively shoot themselves in the foot with this PR Desaster. Especially the various national rail operators across Europe will think twice about buying NEWAG, since these operators usually have their own maintenance and repair centers, and expect to service their rolling stock there. And those national operators still make up the lion's share of the European rail market.
Most ethical vehicle manufacturer:
(This is a joke)
Apparently there was some kind of gps geo fencing going on - that the software detected the train went into an uncertified repair yard and bricked the thing. So I assume the hackers just purged that info, or unset the flags that denoted the brick condition so as far as the train software was concerned it was operating normally.
It's an interesting hack but there is a safety aspect to this too. A train is a complex machine that could go catastrophically wrong and kill a bunch of people. It's not quite Boeing 737 levels of safety criticality but neither is it something that should be taken lightly with regards to service procedure or parts procurement. So the manufacturer were being dicks to brick the train. But the train operator using an unauthorised repairer who might not have access to, let alone follow the correct servicing procedures or parts is not good either.
Is anyone else hearing Aquarela do Brasil or is it just me...