Hackers accused train manufacturer Newag of “breaking” its trains when attempting to repair them on their own

A group of Polish “white” hackers, Dragon Sector, has accused the Polish rolling stock manufacturer Newag of “breaking down” when third-party companies try to repair its trains. The manufacturer accuses the hackers of slander, writes Ars Technica.

The hackers were invited by the train repair shop Serwis Pojazdów Szynowych (SPS) to analyze the train software. SPS was desperate to find out what was causing the “mysterious glitches” that had brought several vehicles belonging to Polish railroad operator Koleje Dolnośląski to a standstill. At that time, the shortage of trains had already become a “serious problem” for the carrier.

Dragon Sector hackers spent two months analyzing the software, finding that “manufacturer interference” led to “forced failures and the fact that trains did not start.” The hackers concluded that the blocking of the trains “was a deliberate action on the part of Newag.”

According to Dragon Sector, Newag entered a code into the Impuls train control systems to stop the trains from running if the GPS tracker showed that the train had been in an independent repair shop for several days.

“The trains “were given the logic that they would not move if they were parked in a specific location in Poland, and these locations were the service hall of SPS and the halls of other similar companies in the industry,” Dragon Sector’s team alleged. “Even one of the SPS halls, which was still under construction, was included.”

In addition, trains were allegedly “turned into bricks” if “some replaced components did not have a serial number approved by the manufacturer.”

For its part, Newag denies developing any “workshop detection” software that caused the “deliberate disruptions” and threatens to sue Dragon Sector for defamation and violation of hacking laws.

“We categorically deny and negate Newag’s uploading of any functionality in vehicle control systems that limits or prevents the proper operation of vehicles, as well as limiting the group of entities that can provide maintenance or repair services,” Newag’s statement said.

According to Newag, Dragon Sector’s report shouldn’t be trusted because it was commissioned by one of Newag’s biggest competitors.

“No evidence was provided that our company intentionally installed the faulty software. In our opinion, the truth may be completely different—that, for example, the competition interfered with the software,” Newag president Zbigniew Konieczek said.

Dragon Sector claims to have proof of its findings. What’s more, Dragon Sector allegedly started the broken trains after discovering an “undocumented ‘unlock code’ that can be entered from the driver’s panel and magically solved the problem.”

The right to self-repair has long been a stumbling block and the cause of numerous lawsuits by consumers against device manufacturers around the world. One of the most famous confrontations of this kind is between American farmers and tractor manufacturers John Deere. In January 2023, the farmers won the case and received the right to repair their own equipment within the United States.

Recently, The Right to Repair Act was passed in California, and soon self-repair of Apple equipment will be available to customers across the United States.