An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer.
Members of an ethical hacking group called Dragon Sector, including Sergiusz Bazański and Michał Kowalczyk, were called upon by a train repair shop, Serwis Pojazdów Szynowych, to analyze train software in June 2022.
According to Dragon Sector, Newag entered code into the control systems of Impuls trains to stop them from operating if a GPS tracker indicated that the train was parked for several days at an independent repair shop.
Newag's safety claims are still unsubstantiated, 404 Media reported.
According to Newag, Dragon Sector's report shouldn't be trusted because it was commissioned by one of Newag's biggest competitors.
Dragon Sector maintains that the evidence supports its conclusions.
Dragon Sector and SPS have denied interfering with the train's control systems.
While Newag has contacted authorities to investigate the hacking, Janusz Cieszyński, Poland's former minister of digital affairs, posted on X that the evidence appears to weigh against Newag.
404 Media noted that Newag appeared to be following a common playbook in the right-to-repair world where manufacturers intimidate competitor repair shops with threatened lawsuits and unsubstantiated claims about safety risks of third-party repairs.
Because of the evidence gathered during their analysis, the Dragon Sector team has doubts about whether Newag will actually follow through with the lawsuit.
This Cyber News was published on packetstormsecurity.com. Publication date: Thu, 14 Dec 2023 14:43:05 +0000