Trains were designed to break down after third-party repairs, hackers find

An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer.
Members of an ethical hacking group called Dragon Sector, including Sergiusz Bazański and Michał Kowalczyk, were called upon by a train repair shop, Serwis Pojazdów Szynowych, to analyze train software in June 2022.
According to Dragon Sector, Newag entered code into the control systems of Impuls trains to stop them from operating if a GPS tracker indicated that the train was parked for several days at an independent repair shop.
Newag's safety claims are still unsubstantiated, 404 Media reported.
According to Newag, Dragon Sector's report shouldn't be trusted because it was commissioned by one of Newag's biggest competitors.
Dragon Sector maintains that the evidence supports its conclusions.
Dragon Sector and SPS have denied interfering with the train's control systems.
While Newag has contacted authorities to investigate the hacking, Janusz Cieszyński, Poland's former minister of digital affairs, posted on X that the evidence appears to weigh against Newag.
404 Media noted that Newag appeared to be following a common playbook in the right-to-repair world where manufacturers intimidate competitor repair shops with threatened lawsuits and unsubstantiated claims about safety risks of third-party repairs.
Because of the evidence gathered during their analysis, the Dragon Sector team has doubts about whether Newag will actually follow through with the lawsuit.


This Cyber News was published on packetstormsecurity.com. Publication date: Thu, 14 Dec 2023 14:43:05 +0000


Cyber News related to Trains were designed to break down after third-party repairs, hackers find

How a Group of Train Hackers Exposed a Right-to-Repair Nightmare - Earlier this month, Polish hackers known as Dragon Sector accused one of Poland's largest train makers, Newag, of intentionally bricking its own trains when they're repaired by third parties. Newag threatened to sue Dragon Sector, but the story ...
10 months ago Packetstormsecurity.com
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
10 months ago Hackread.com
Trains were designed to break down after third-party repairs, hackers find - An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer. Members of an ...
10 months ago Packetstormsecurity.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
9 months ago Darkreading.com
Polish train maker denies claims it geofenced trains The Register - A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors. Newag, a Polish train maker, emphatically denied that it installed such software ...
10 months ago Go.theregister.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
9 months ago Bleepingcomputer.com
What Are the Cybersecurity Threats When Allowing Third-Party Cookies on Mac? - Let's explore the dangers of allowing third-party cookies on a Mac. Let's learn what third-party cookies are. Third-party cookies are small files that websites use to track your activity. These cookies can follow you across multiple sites, gathering ...
4 months ago Securityboulevard.com
Third-party breaches hit 90% of top global energy companies - A new report from SecurityScorecard reveals a startling trend among the world's top energy companies, with 90% suffering from data breaches through third parties over the last year. This sheds light on the need for these energy companies to adopt a ...
9 months ago Securityintelligence.com
How to manage third-party risk in the cloud - The increasing levels of access and integration within cloud environments create risks and potential new avenues of compromise for cloud customers. Organizations can hope their cloud service providers are secure, but that's not always the case. It's ...
7 months ago Techtarget.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
10 months ago Bloomberg.com
Attack of the copycats: How impostor apps and fake app mods could bite you - Instant communication services are among the most popular apps on iOS and Android alike - US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service. ...
9 months ago Welivesecurity.com
Threat landscape for industrial automation systems. H2 2023 - In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year. In H2 2023, building automation once ...
7 months ago Securelist.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
9 months ago Securityzap.com
Third-party risk management best practices and why they matter - With organizations increasingly relying on third-party vendors, upping the third-party risk management game has become imperative to prevent the fallout of third-party compromises. SecurityScorecard recently found that 98% of organizations are ...
9 months ago Helpnetsecurity.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
4 months ago Securityweek.com
The Most Dangerous People on the Internet in 2023 - It was a banner year for chaos, present and impending, and all reflected in the digital mirror. Each year, WIRED assembles a list of the most dangerous people, groups, and organizations on the internet-both those who intentionally endanger innocent ...
10 months ago Wired.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
8 months ago Securityboulevard.com
Fidelity Faces Second Data Breach Linked to Third-Party Provider: Infosys McCamish - Fidelity Investments Life Insurance Company faces another data breach challenge as it discloses a breach affecting a significant number of individuals. The breach, linked to third-party service provider Infosys McCamish, heightens worries over data ...
7 months ago Cysecurity.news
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
11 months ago Bleepingcomputer.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
9 months ago Cysecurity.news
CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency - A security flaw in Adobe's ColdFusion application development tool that was patched in March continues to be a headache for organizations running unpatched versions of the product. This week, the U.S. Cybersecurity and Infrastructure Security Agency ...
11 months ago Securityboulevard.com
Hackers breach Australian court hearing database - The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings. Court Services Victoria, an administrative body that supports the operations of the ...
10 months ago Therecord.media
Infosec products of the month: June 2024 - Designed with managed security service providers in mind, Plainsea offers a comprehensive cybersecurity platform that streamlines service delivery, enhances collaboration, and provides unparalleled visibility into the threat landscape. Plainsea ...
4 months ago Helpnetsecurity.com
HP CEO Says They Brick Printers That Use Third-Party Ink Because of Hackers - Last Thursday, HP CEO Enrique Lores addressed the company's controversial practice of bricking printers when users load them with third-party ink. That frightening scenario could help explain why HP, which was hit this month with another lawsuit over ...
9 months ago Wired.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
8 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)