Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties.
Newag threatened to sue Dragon Sector, but the story exploded as an example of why we deserve the right to repair, and the company is facing an investigation from the Polish Office of Competition and Consumer Protection.
Dragon Sector was hired by a repair workshop that was stumped by several Newag trains that wouldn't start.
The hackers quickly found anticompetitive behavior ingrained in the code of Newag trains and went to Polish authorities with the case in 2022.
Dragon Sector says in two instances, Newag had written code that would cause a train to fail if it was at a competitor's workshop.
After a year of not seeing much progress with the authorities, the train hackers decided to go public.
Dragon Sector was given just a week to unbrick the trains, because the train operator who hired them had so many broken trains it was causing severe service issues.
The operator said they would send the trains back to Newag for more expensive servicing.
Hackers found the bricks by comparing the code of working trains to bricked trains using an algorithm.
Dragon Sector found that Newag trains were set to lock up when they reached geofenced coordinates or sat still for 10 days; in one case, a train would simply lock up every year on December 21st. If any of the triggers were met, certain bits in the train computer's NVRAM would be flipped to zero, putting a gate on the train's throttle and locking the train from moving.
Dragon Sector analyzed 30 Newag trains, and 24 of them had locks, many of them with various triggers and locking mechanisms.
Dragon Sector has put Newag's anticompetitive practices regarding repairs on an international stage.
Newag denies allegations that it has inserted locking mechanisms in its trains, but several Polish train operators have corroborated Dragon Sector's allegations.
A train operator out of Warsaw, SKM Warszawa, told Gizmodo it recorded one case of a Newag train with a locking mechanism that corresponds to Dragon Sector's story.
Last week, another Polish train operator, Polregio, told the publication Onet that its Newag trains were still failing to start due to blocks that align with Dragon Sector's allegations.
Dragon Sector says they are authorized users of the train software because they were hired under contract by an authorized train workshop.
Requiring operators and workshops to obtain a separate license to repair trains, not included in the sale of the train, is unusual altogether.
Dragon Sector commends Newag for making great trains but believes they should not be in the repair market if they're going to be anti-competitive.
The other largest train manufacturer in Poland, Pesa, is not in the repair market at all.
Allowing trains to be repaired swiftly and in a cost-efficient way likely means fewer delays for riders.
This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 03 Jan 2024 15:43:04 +0000