Earlier this calendar month , Polish hack known as Dragon Sector incriminate one of Poland ’s largest train makers , Newag , of intentionallybricking its own trainswhen they ’re repaired by third party . Newag threaten to sue Dragon Sector , but the story exploded as an example of why we merit the right wing - to - repair and the company isfacing an investigationfrom the Polish Office of Competition and Consumer Protection ( UOKIK ) . On Wednesday , the Polish drudge fit on the offensive , telling Newag , “ We ’ll see you in court , ” on the stagecoach of a league , and described how Dragon Sector reverse engineered a train .
“ We ’re 100 % sure we were in the right , ” said Sergiusz Bazański , a member of Dragon Sector at aGerman cybersecurity league . “ We ’re 100 % certain we were acting in the public involvement . It ’s Newag that should be scared , not us . ”
Dragon Sector was hired by a repair shop that was stumped by several Newag railroad train that would n’t start . The hackers chop-chop found anticompetitive behaviour ingrained in the code of Newag trains and give out to Polish authorities with the case in 2022 . Dragon Sector says in two case , Newag had written code that would cause a geartrain to fail if it was at a competitor ’s workshop . After a year of not seeing much advancement with the regime , the gear hacker decide to go public .
Dragon Sector on stage at a German cybersecurity conference.Screenshot: Chaos Computer Club
Dragon Sector was given just a workweek to unbrick the train , because the wagon train operator who charter them had so many upset trains it was stimulate severe service issue . After that , the operator said they would broadcast the trains back to Newag for more expensive service ( Newag assure them they could fix this issue ) .
Hackers constitute the bricks by liken the codification of working trains to bricked string using an algorithm . Dragon Sector find Newag gear were triggered to lock up when strive geofenced coordinates , sitting still for 10 sidereal day , or in one instance , a train would plainly lock up every yr on December 21st . If any of the triggers were match , the train computer ’s NVRAM ( a memory scheme ) would flip out certain bits to zero , putting a gate on the train ’s throttle and locking the gear from moving . Dragon Sector analyzed 30 Newag trains , and 24 of them had ringlet , many of them with various triggers and lock away chemical mechanism .
“ We did n’t specify to become whistle blower , ” read Bazański in an interview with Gizmodo . “ I want thing to start move forward because what Newag seems to have done is ‘ not cool ’ to put it lightly . ”
Photo: Martyn Jandula (Shutterstock)
Dragon Sector has put Newag ’s anticompetitive practices regarding stamping ground on an outside degree . Typically , the right - to - fix movement focuses on manufacturers of minor electronic gimmick , like smartphones and figurer . In traditional bricking , manufacturers input software package or hardware that make it difficult for third company to make repairs , so consumer are squeeze to pay expensive mend fees to the original company . Newag refuse allegations that it has inserted locking mechanisms in its train , but several Polish train operator have corroborated Dragon Sector ’s allegations .
A string manipulator out of Warsaw , SKM Warszawa , told Gizmodo it recorded one case of a Newag train with a locking chemical mechanism , that corresponds to Dragon Sector ’s story . Last week , another Polish train hustler , Polregio , told the publicationOnet , that its Newag trains were still failing to start due to blocks that align with Dragon Sector ’s allegement .
Newag publish apaperdenying Dragon Sector ’s title on Dec. 19th , but it has since beenremovedfrom its internet site . In that paper , Newag claims that contend workshop and Dragon Sector do n’t have the right “ permit ” to work on its train ’s software . Dragon Sector , however , tell they are authorize users of the train software program because they were engage under contract by an authorized train workshop . They ’ve never heard of the licenses Newag alleges .
A slide from Dragon Sector’s presentation detailing Newag’s bricking mechanism.Image: Dragon Sector
In the same theme , Newag allege that vehicle haunt are a “ small-scale fraction of Newag ’s business , ” which it figure at roughly 5 % . Newag confirm this figure to Gizmodo independently . In the manufacturer ’s financial statements , vehicle repairs descend under the class of “ repairs and modernizations , ” which represented nearly 20 % of its full tax revenue for the first nine month of 2022 , and rough 60 % in 2023 . “ hangout and modernisation ” present a significant dowery of the caller ’s total taxation , but a Newag interpreter told Gizmodo this section “ include a much big volume of services ” than just resort . They go on to support by the claim that stamping ground make up about 5 % of revenue .
Dragon Sector commends Newag for make majuscule trains but believe they should not be in the repair market if they ’re choke to be anti - competitive . The other largest power train manufacturer in Poland , Pesa , is not in the hangout market at all .
“ When those wagon train were being serviced and could n’t initiate running , this moved people . The power train arrangement in low Silesia was clog , ” enjoin Bazański , which the Polish media report on in 2022 . “ There just was n’t enough rolling descent in service . ”
Newag’s recent financial statement shared with Gizmodo by an analyst.Image: Newag
Dragon Sector wants people to acknowledge that they were not malicious in utter out against Newag , they simply wanted to help the masses who were affect . Allowing trains to be repaired swiftly and in a cost - effective way likely think of few time lag for passenger . infraction of the right - to - repair movement often end up injure end - users the most .
Daily Newsletter
Get the best tech , science , and culture news show in your inbox day by day .
newsworthiness from the future , delivered to your present .
