A polish hacker found out why trains did stop working. The manufacterer implemented a hidden electronic switch, which automatically activated after trains were serviced by a different company.

  • BombOmOm@lemmy.world
    link
    fedilink
    English
    arrow-up
    198
    ·
    1 year ago

    the PLC code actually contained logic that would lock up the train with bogus error codes after some date

    I hope they sue the manufacturer.

    • maynarkh@feddit.nl
      link
      fedilink
      English
      arrow-up
      146
      ·
      1 year ago

      I hope messing with critical public infrastructure carries criminal not civil penalties, with people going to jail.

      • Steve@startrek.website
        link
        fedilink
        English
        arrow-up
        29
        arrow-down
        5
        ·
        1 year ago

        Idk about Poland but in america a corporation is a person yet it cant be put in jail so only civil penalties are possible and the employees are mostly immune

        • jmcs@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          13
          ·
          1 year ago

          Corporations are people in the legal sense everywhere (i.e. they are subjects of the law with rights and duties). The novelty in the US is that the archaic constitution allowed the US Supreme Court to be creative in assigning rights that every other country assigns only to natural persons to legal persons. In the case of Poland, for example, the constitution explicitly mentions legal persons when rights are supposed to apply to corporations too.

        • CJOtheReal@ani.social
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          You can’t put a company in jail but definitely the asshole that gave the order to do that…

  • ArbiterXero@lemmy.world
    link
    fedilink
    English
    arrow-up
    82
    ·
    1 year ago

    Can we now finally say that drm sucks and any/all attempts to override it are reasonable because it’s broken by design?

  • Aussiemandeus@aussie.zone
    link
    fedilink
    English
    arrow-up
    54
    ·
    1 year ago

    Yeah manufacturers are getting out of hand with this kind of shit.

    Machines are being made now to be unserviceable except with the manufacturer attending.

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    3
    ·
    edit-2
    1 year ago

    The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.

    So, it sounds like this remote lock is speculation, so I’m not gonna say that this is actually the case here, and I don’t know how trustworthy the source here is.

    But, speaking in general: an additional problem with sticking back doors in products is that someone else may discover them and exploit them, and the uses to which they may put them may be considerably less-pleasant than whatever the purpose that the manufacturer had in sticking them in.

    Just earlier this year, we had articles about this incident with Polish trains. That wasn’t a back door in that it wasn’t particularly hidden, but it was a way to do remote radio control of Polish trains, and sure enough, when someone who wanted to create trouble with it discovered it, it got used to cause problems for Polish train operators.

    https://www.wired.com/story/poland-train-radio-stop-attack/

    The Cheap Radio Hack That Disrupted Poland’s Railway System

    The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

    • sanpo@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      41
      ·
      edit-2
      1 year ago

      It wasn’t a back door, it was a safety feature working as designed. IIRC it didn’t have any modern security implemented, because it’s very old.

      Also, the link from the OP doesn’t mention that, but the trains in this story had locations of competitors’ repair centers coded in, and were apparently set to auto-lock if they detected sitting in one for more than 10 days…

  • albert180@feddit.de
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    1 year ago

    Well I guess in the next tender they will add a paragraph for “No Killswitches allowed”

  • someguy3@lemmy.ca
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    2
    ·
    1 year ago

    Newag S.A. [pronounced: nevag] is a Polish company, based in Nowy Sącz, specialising in the production, maintenance, and modernisation of railway rolling stock. The company’s products include the 14WE, 19WE, 35WE types electric multiple units; it has also developed the Nevelo tram.[2]

    • federalreverse-old@feddit.de
      link
      fedilink
      English
      arrow-up
      28
      ·
      edit-2
      1 year ago

      Somehow this is the worst bit – a Polish company fucks the Polish state railway operator because of greed. If they’d done this in another country, there might have been some international repercussions etc. but they opted to burn their name in their own home country. This being found by random hackers is actually the best way for Newag for this affair to become public. This could have been so much worse.

      • someguy3@lemmy.ca
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        Yup instead of the “I guess that third party repair really fucked up huh”