In a recent cybersecurity incident, three Polish hackers succeeded in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator.
The narrative took a twist when accusations arose against the manufacturer, Newag, alleging that it remotely rendered inoperable trains serviced by the Polish train repair company, SPS. That's not all: Newag is reportedly threatening the hackers with a lawsuit.
While we don't want to get overly religious or emotional, it's an undeniable fact that whitehat hackers, also known as ethical hackers or cybersecurity researchers, are nothing short of a blessing.
Numerous cases exist where ethical hackers have saved companies from devastating hacks.
Take, for example, the whitehat hacker who went the extra mile to unlock a car for a family that lost their keys.
Let's not forget the notorious WannaCry ransomware attack, which was successfully thwarted by a whitehat hacker, while cybersecurity and technology giants remained clueless.
The issues surrounding Newag's Impuls series of trains, which are operated by independent entities, have been ongoing since the summer, adversely affecting customer service.
These trains exhibited mysterious failures, refusing to restart after routine maintenance.
To unravel the mystery behind these disruptions, SPS enlisted the expertise of Dragon Sector, a group of ethical hackers.
Insights from Dragon Sector reveal a concerning aspect of Newag trains' software programming in Poland.
According to the ethical hacking group, Newag's trains were equipped with a unique feature that triggered a software lockdown if they remained stationary for more than 10 days.
The complexities of Newag's software go beyond mere inactivity, however, extending to a sophisticated mechanism that activates when a train parks at specific GPS locations.
One of Dragon Sector's hackers, Michał Kowalczyk, stated that this issue seems deliberate on Newag's part.
Zaufana Trzecia Strona, a Polish-language IT security news website, also reports that repair countermeasures would activate if parts were replaced without a hidden unlock sequence in the train's computer.
Codes would shut the train down after one million kilometres, and hardware could allow remote interaction with Newag trains.
Newag, Poland's oldest railway company, denies the accusations and blames SPS for initiating a conspiracy theory.
Newag claims the story is slander from competitors and threatens to sue Dragon Sector.
Right-to-repair is combated through proprietary software and encryption that only the company can read. Lower Silesian Railways, a rail operator, has been in a dispute with Newag, which produces its Impuls 45WE hybrid multiple units.
In June 2022, the railroad experienced multiple no-start failures with these trainsets, resulting in fewer trains running than scheduled and impacting passenger service.
This should come as no surprise, as companies and businesses frequently don't appreciate the efforts of whitehat hackers who are doing good.
This Cyber News was published on www.hackread.com. Publication date: Sat, 16 Dec 2023 20:13:05 +0000