Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer

In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator.
The narrative took a twist when accusations arose against the manufacturer, Newag, alleging that they remotely rendered inoperable trains serviced by the Polish train repair company, SPS. That's not all, reportedly, Newag is threatening the hackers with a lawsuit.
While we don't want to get overly religious or emotional, it's an undeniable fact that Whitehat hackers, also known as ethical hackers or cybersecurity researchers, are nothing short of a blessing.
Numerous cases exist where ethical hackers have saved companies from devastating hacks.
Further, take this whitehat hacker who went the extra mile to unlock a car for a family that lost their keys.
Let's not forget the notorious WannaCry ransomware attack, which was successfully thwarted by a whitehat hacker, while cybersecurity and technology giants remained clueless.
The issues surrounding Newag's Impuls series of trains, which are operated by independent entities, have been ongoing since the summer, adversely affecting customer service.
These trains exhibited mysterious failures, refusing to restart after routine maintenance.
To unravel the mystery behind these disruptions, SPS enlisted the expertise of Dragon Sector, a group of ethical hackers.
Insights from Dragon Sector reveal a concerning aspect of Newag trains' software programming in Poland.
According to the ethical hacking group, Newag's trains were equipped with a unique feature that triggered a software lockdown if they remained stationary for more than 10 days.
Regardless, the complexities of Newag's software go beyond mere inactivity, extending to a sophisticated mechanism that activates when a train parks at specific GPS locations.
One of Dragon Sector's hackers, Michał Kowalczyk, stated that this issue seems deliberate from Newag.
Zaufana Trzecia Strona, a Polish language IT security news website also reports that repair countermeasures would activate if parts were replaced without a hidden unlock sequence in the train's computer.
Codes would shut the train down after one million kilometres, and hardware could allow remote interaction with Newag trains.
Newag, Poland's oldest railway company, denies accusations and blames SPS for initiating a conspiracy theory.
Newag claims the story is slander from competitors and threatens to sue Dragon Sector.
Right-to-repair is combated through proprietary software and encryption that the company can only read. Lower Silesian Railways, a rail operator, has been in a dispute with Newag, which produces its Impuls 45WE hybrid multiple units.
In June 2022, the railroad experienced multiple no-start failures with these trainsets, resulting in fewer trains running than scheduled and impacting passenger service.
This should come as no surprise, as companies and businesses frequently don't appreciate the efforts of whitehat hackers who are doing good.


This Cyber News was published on www.hackread.com. Publication date: Sat, 16 Dec 2023 20:13:05 +0000


Cyber News related to Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer

How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
11 months ago Packetstormsecurity.com
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
1 year ago Hackread.com
Legal and Compliance Considerations in Cloud Computing - This paradigm change has faced challenges, primarily legal and compliance issues. This can present severe legal issues, particularly regarding data ownership. According to S. Krishnan, the transforming nature of computing has created legal ...
10 months ago Feeds.dzone.com
Polish train maker denies claims it geofenced trains The Register - A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors. Newag, a Polish train maker, emphatically denied that it installed such software ...
1 year ago Go.theregister.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com
Hugging Face dodged a cyber-bullet with Lasso Security's help - Further validating how brittle the security of generative AI models and their platforms are, Lasso Security helped Hugging Face dodge a potentially devastating attack by discovering that 1,681 API tokens were at risk of being compromised. The tokens ...
1 year ago Venturebeat.com
Partnering with Government to Strengthen Cyber Resilience in Poland - We are honored to partner with the Polish Government as part of its Polish Cybersecurity Partnership Program program to help expand the country's national cybersecurity capabilities, enhance its cyber defenses, and increase public awareness of the ...
11 months ago Paloaltonetworks.com
Russian hackers use old Outlook vulnerability to target Polish orgs - Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining access to them. ...
1 year ago Helpnetsecurity.com
Cybersecurity and the Law: Taking Proactive Steps Before Needing Legal Action - How the justice system deals with cybercrime is still relatively new and finding its footing. How cybercriminals are leveraging the legal system is relatively new, too. Imagine a world where your organization gets hacked, and then, to add insult to ...
10 months ago Securityboulevard.com
Microsoft unveils Face Check for secure identity verification - Microsoft today announced the launch of Face Check, a new facial recognition feature for its Entra Verified ID digital identity platform. Face Check allows businesses to match a user's selfie to their government ID or employee credentials, providing ...
10 months ago Venturebeat.com
Recent Legal Developments That Favors Security Researcher But Challenges Remain;; - The world has seen several advancements in cyber security law across countries in recent times that indicates the importance of protecting rights of individuals who work to improve security in computer systems, networks, and software. Recently, ...
1 year ago Csoonline.com
Exposed Hugging Face APIs Opened AI Models to Cyberattacks - Security flaws found in both Hugging Face and GitHub repositories exposed almost 1,700 API tokens, opening up AI developers to supply chain and other attacks and putting a brighter spotlight on the need to ensure that security keeps up with the ...
1 year ago Securityboulevard.com
Meta AI Models Cracked Open With Exposed API Tokens - Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model repositories in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate ...
1 year ago Darkreading.com
Trains were designed to break down after third-party repairs, hackers find - An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer. Members of an ...
1 year ago Packetstormsecurity.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
Exposed Hugging Face API tokens jeopardized GenAI models - Lasso Security researchers discovered 1,681 Hugging Face API tokens exposed in code repositories, which left vendors such as Google, Meta, Microsoft and VMware open to potential supply chain attacks. In a blog post published Monday, Lasso Security ...
1 year ago Techtarget.com
Microsoft Adds Face Check to Entra Verified ID - Microsoft has added facial matching to its Entra Verified ID service, which lets organizations create and issue verifiable credentials to validate claims such as employment, education, certifications, and residence. The new Face Check feature is ...
10 months ago Darkreading.com
Navigating the New Age of Cybersecurity Enforcement - Many equate this move as akin to a bomb going off for people working in the CISO role. CISOs are now faced with unprecedented potential liability risks, prompting the need for a proactive approach to legal exposure for security executives. To shed ...
11 months ago Darkreading.com
Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Rapid GenAI adoption is the top-ranked issue for the next two years for legal, compliance and privacy leaders, according to Gartner. 70% of respondents reported rapid GenAI adoption as a top concern for them. Gartner experts have identified four key ...
11 months ago Helpnetsecurity.com
AI platform Hugging Face says hackers stole auth tokens from Spaces - AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. Hugging Face Spaces is a repository of AI apps created and submitted by the community's users, allowing other ...
6 months ago Bleepingcomputer.com
In the rush to build AI apps, don't leave security behind The Register - There are countless models, libraries, algorithms, pre-built tools, and packages to play with, and progress is relentless. You'll typically glue together libraries, packages, training data, models, and custom source code to perform inference tasks. ...
9 months ago Go.theregister.com
FTC's Rite Aid Ruling Rightly Renews Scrutiny of Face Recognition - The Federal Trade Commission on Tuesday announced action against the pharmacy chain Rite Aid for its use of face recognition technology in hundreds of stores. The regulator found that Rite Aid deployed a massive, error-riddled surveillance program, ...
1 year ago Eff.org
Poland says it was targeted by Russian military intelligence hackers - Russian state-sponsored hackers have targeted Polish government institutions in a recent espionage campaign, according to a new report. Poland's computer emergency response team, CERT-PL, said on Wednesday that it had observed a large-scale malware ...
7 months ago Therecord.media
Fancy Bear hackers still exploiting Microsoft Exchange flaw - A Russian nation-state group continues to exploit a critical Microsoft vulnerability that was patched eight months ago to gain access to emails within victim organizations' Exchange servers. In March, Microsoft disclosed a zero-day elevation of ...
1 year ago Techtarget.com
23andMe Faces Legal Backlash Over Data Breach and Blames Victims - Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when ...
11 months ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)