A Polish hacker found out why trains stopped working. The manufacturer implemented a hidden electronic switch, which automatically activated after trains were serviced by a different company.

  • @sanpo@sopuli.xyz (6 months ago)

    It wasn’t a back door, it was a safety feature working as designed. IIRC it didn’t have any modern security implemented, because it’s very old.

    Also, the link from the OP doesn’t mention that, but the trains in this story had locations of competitors’ repair centers coded in, and were apparently set to auto-lock if they detected sitting in one for more than 10 days…

    • chaogomu (6 months ago)

      So, locking out repairs for anything they would have to order parts for.

      I’m guessing that they’re using some sort of custom size for their bolts and tolerances in the train. The competitors likely have the standard sizing for parts on hand, and any custom part would need to be ordered in. Likely from the same supplier.

      Since they know their supplier’s order return timing, they can set up the kill switch when they know that the train will be sitting in a yard awaiting parts.

      Scummy as fuck.

      • @skillissuer (6 months ago)

        it worked like this: public tenders for trains and their servicing are separate. at first, newag claimed that service documentation is their super secret IP and they can’t disclose it. european railway authority however basically said that no, fuck you, you as a manufacturer have to disclose it. so they did, it’s a 20k page thick book, and now other workshops (with all certs and so on) can compete in tender. while monopoly lasted, they could call whatever price they wanted and operators would pay anyway. smaller workshops just outcompeted them because they don’t have a dozen c-suite to pay

        newag of course didn’t like it and there comes the fuckery. what they did, among others, is they put logic that would prevent DC-AC converters from turning on if train spends 10d+ in one of hardcoded areas, these places being competing workshops. another mysterious thing was gsm modem that could (possibly) brick train remotely in the same way. later corporate would just claim that no one else can fix these trains, call competition unqualified, and grab severely overpriced servicing contracts. that is, until somebody actually looked inside. mechanically and electrically train was fully working, but it was just locked by software

        i guess this will make some national and european regulators and agencies very interested. here you have more technical details (article in polish) https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/ it will also be the topic of a talk at 37C3