How a Group of Train Hackers Exposed a Right-to-Repair Nightmare

Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties.
Newag threatened to sue Dragon Sector, but the story exploded as an example of why we deserve the right-to-repair and the company is facing an investigation from the Polish Office of Competition and Consumer Protection.
Dragon Sector was hired by a repair workshop that was stumped by several Newag trains that wouldn't start.
The hackers quickly found anticompetitive behavior ingrained in the code of Newag trains and went to Polish authorities with the case in 2022.
Dragon Sector says in two instances, Newag had written code that would cause a train to fail if it was at a competitor's workshop.
After a year of not seeing much progress with the authorities, the train hackers decided to go public.
Dragon Sector was given just a week to unbrick the trains, because the train operator who hired them had so many broken trains it was causing severe service issues.
The operator said they would send the trains back to Newag for more expensive servicing.
Hackers found the bricks by comparing the code of working trains to bricked trains using an algorithm.
Dragon Sector found Newag trains were triggered to lock up when reaching geofenced coordinates, sitting still for 10 days, or in one case, a train would simply lock up every year on December 21st. If any of the triggers were met, the train computer's NVRAM would flip certain bits to zero, putting a gate on the train's throttle and locking the train from moving.
Dragon Sector analyzed 30 Newag trains, and 24 of them had locks, many of them with various triggers and locking mechanisms.
Dragon Sector has put Newag's anticompetitive practices regarding repairs on an international stage.
Newag denies allegations that it has inserted locking mechanisms in its trains, but several Polish train operators have corroborated Dragon Sector's allegations.
A train operator out of Warsaw, SKM Warszawa, told Gizmodo it recorded one case of a Newag train with a locking mechanism, that corresponds to Dragon Sector's story.
Last week, another Polish train operator, Polregio, told the publication Onet, that its Newag trains were still failing to start due to blocks that align with Dragon Sector's allegations.
Dragon Sector says they are authorized users of the train software because they were hired under contract by an authorized train workshop.
Requiring operators and workshops to obtain a separate license to repair trains, not included in the sale of the train, is unusual altogether.
Dragon Sector commends Newag for making great trains but believes they should not be in the repair market if they're going to be anti-competitive.
The other largest train manufacturer in Poland, Pesa, is not in the repair market at all.
Allowing trains to be repaired swiftly and in a cost-efficient way likely means fewer delays for riders.


This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 03 Jan 2024 15:43:04 +0000


Cyber News related to How a Group of Train Hackers Exposed a Right-to-Repair Nightmare

How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
11 months ago Packetstormsecurity.com
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
1 year ago Hackread.com
Trains were designed to break down after third-party repairs, hackers find - An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer. Members of an ...
1 year ago Packetstormsecurity.com
Keep The Momentum Going for The Right to Repair - Thanks to support from local advocates across the country, we've been able to have a few strong years for the right to repair. Both California and Minnesota's right to repair laws go into effect today, and we've even made some headway convincing ...
5 months ago Eff.org
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
2 months ago Securelist.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
11 months ago Securityboulevard.com
Hackers breach Australian court hearing database - The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings. Court Services Victoria, an administrative body that supports the operations of the ...
11 months ago Therecord.media
Cyberattack on Irish Utility Cuts Off Water Supply for Two Days - An attack launched by hackers last week against the systems of a small water utility in Ireland interrupted the water supply for two days. The cyberattack was reported by a local newspaper, Western People, and technical details are murky. The attack ...
1 year ago Packetstormsecurity.com
Android game dev's Google Drive misconfig highlights cloud security risks - Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months. The ...
11 months ago Bleepingcomputer.com
Polish train maker denies claims it geofenced trains The Register - A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors. Newag, a Polish train maker, emphatically denied that it installed such software ...
1 year ago Go.theregister.com
Change Healthcare's New Ransomware Nightmare Goes From Bad to Worse - Change Healthcare is facing a new cybersecurity nightmare after a ransomware group began selling what it claims is Americans' sensitive medical and financial records stolen from the health care giant. RansomHub claimed it had health care data on ...
8 months ago Wired.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
10 months ago Securityboulevard.com
Hackers from North Korea Aimed at Medical and Energy Industries - The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated ...
1 year ago Cybersecuritynews.com
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
1 year ago Bbc.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
5 months ago Securityweek.com
NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
10 months ago Techtarget.com
Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
10 months ago Cysecurity.news
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
CVE-2021-28496 - On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON ...
2 years ago
CVE-2020-15898 - In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: ...
3 years ago
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
10 months ago Bleepingcomputer.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)