•

Train manufacturer intentionally bricks trains serviced by independent service providers

q3k :blobcatcoffee: (@q3k@hackerspace.pl)

https://social.hackerspace.pl/@q3k/111528162462505087

Attached: 1 image I can finally reveal some research I've been involved with over the past year or so. We (@redford@infosec.exchange, @mrtick@infosec.exchange and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties. 1/4

q3k :blobcatcoffee: (@q3k@hackerspace.pl)

Polish train manufacturer that lost servicing tender programmed train controller to brick itself after train stays for some time in 6 ISP facilities or in 1 their faculity(for testing?) until undocumented button combination is pressed. Some controller versions brick itself after train is idle for 10 days. After news about this became public, manufacturer removed ability to unlock train by button combination.

Also manufacturer is able to remotely brick train over internet(connected via GSM) at any time.

Full versions: Polish(original), Russian

13 comments

teft

•

Sounds like Poland is going to have to nationalize a train manufacturer.

regul

•

A faction other than the right would have to form a government.

Zippy

•

I would not take this as proof. A third party company was being penalized significant fees because they were not meeting their contractual requirements to keep the trains running. Newag completely denies it suggesting maintenance makes up only 5 percent of their revenue. Also stated was that they controls have no connection to the internet which is a likely design requirement. Negating some of the claims.

Not suggesting they are not at fault but it appears multiple companies have a stake in this. There likely is no digital fingerprint on the PLC software modifications so if some devious code is found, would be hard to show who did it and when. There is possibilities to check all trains and if for example no faulty code was found on trains that were never maintained by company xyz, then that may create some suspicion on a different company. If code found on every train...

I wouldn't discount anything. Even Newag.

lnxtx

•

This is not the Russia :)

uis

•

Exactly why Ponald can natonalize. In Russia Putin's friend would privatize rail company

rxbudian

•

Who's the manufacturer?

uis

•

Newag

moistclump

•

What is “brick”?

aido

•

To render something as useful/active as a brick

moistclump

•

For a second there I thought it was putting a brick on the track to derail the train.

uis

•

Yes, but without derailing part

uis

•

To make impossible to use, unresponsive.

Nyvios

•

To disable