In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.
After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.
I wonder if they were taking notes from John Deere and the automotive industry or will it be the reverse here soon?
Just imagine all these vehicles that could be bricked for not going back to the stealerships for outrageous prices on parts and incompetent service.
Also the vehicles that could be disabled for not paying for device protection plan that allows your vehicle to operate safely. It would be a shame if your vehicle stopped working on your way to work or the hospital.
I suspect Tesla, BMW, and John Deere are the closest to this reality.
I sure hope the government doesn’t help with another great cash for clunkers national program to get rid of more cars too old for these measures. Sure is a great way to drive new car sales though…
Steam engine breaks, you can fix it.
Steam engine with digital circuit breaks, you’re a hacker, a pirate. DRM was a mistake.
But how else could companies make more money off of something you already paid for? Will someone think of the shareholders‽
That’s awesome. Man, fuck that company. Bricking a train? Outrageous.
Poland ought to ban that company from ever working or operating or selling any products inside of its country and any trains made by that company that are not currently owned by Poland should be prevented from traveling on the tracks that cross through Poland.
This is the kind of government intervention I can get behind. This story is so outrageous, it’s hard to believe it’s true.
SPS became desperate and Googled “Polish hackers” and came across a group called Dragon Sector, a reverse-engineering team made up of white hat hackers.
Hilarious. I hope 404 continues with this level of high quality journalism.
Dragon sector, who they hired, is a security capture the flag team.
Edit: Socials of those who worked on it
https://social.hackerspace.pl/@q3k
https://infosec.exchange/@mrtick
https://infosec.exchange/@redfordTIL that [security CTF](https://en.m.wikipedia.org/wiki/Capture_the_flag_(cybersecurity\)) is
an exercise in which participants attempt to find text strings, called “flags”, which are secretly hidden in purposefully-vulnerable programs or websites
Never heard of this and I may not be alone in that. Thanks for pointing this out.
https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/ link for very detailed description of this story, highly recommend the read!
I like how, instead of recognizing that they got caught, now the train manufacturer is claiming this is some kind of dark PR strategy.
If it is, then please show the public that it’s a dark PR strategy by explaining the hidden unlock codes and the DRM code!
deleted by creator
The person is doing a talk about it in hamburg, germany (37c3) next week. Its on my to watch list because that sounds hella interresting.
Edit : 37c3 list of talks : https://halfnarp.events.ccc.de/#dec115da17562cebafa9ba7a150a4fc607c25c880c03593dcc8da6087c9441a4
That actually does sound hella interesting. I’m saving your comment to try to remember but actually look it up in about two years when I scroll back though my saved posts.
deleted by creator
Removed by mod
This story should be on every newspaper front page right below war correspondents.
Yeah, especially in the EU where apparently their laws regarding circumventing DRM might make the people who fixed this the bad guys instead of this comically evil manufacturer who put GPS kill switches on public passenger trains.
right below war correspondents
Eh, they should report war on the same page as the weather if you ask me.
Let us know what country you’re in, so the next time you’re invaded and genocided we’ll remember it’s barely as important as the weather forecast.
“We didn’t add a kill switch to our trains to force the use of our maintenance service, but fuck the hackers that removed the kill switch we didn’t implement, and the trains that were hacked and don’t have the kill switch we didn’t add should be removed from service.”
Dear Reader,
Regarding your recent free and non-profitable un-fucking of our problem, please use the honor system and manually refuck yourself.
Love, Technology Companies.
Someone’s gonna figure out a horror movie for this called The Refucker
Artificially bricked?! Who the hell keeps giving Viagra to trains? Evil bastards.
