Right to Repair is a main concern in automobiles, the place automakers do every part they will to forestall unbiased outlets from with the ability to repair new automobiles — forcing homeowners again to dealerships for service. But automobiles, it appears, have it simple. Hackers out of Poland discovered that trains get far, far worse.
A Polish practice restore firm known as SPS had a longstanding concern with the Impuls collection of trains from producer Newag. When the corporate serviced these trains, all of them shut down and refused to start out — not from mechanical points, however from digital issues. SPS consulted the hacker group Dragon Sector, who discovered that this was intentional performance from Newag. Dragon Sector spoke with 404 Media, and had this to say:
The hiring of Dragon Sector was a final resort: “In 2021, an independent train workshop won a maintenance tender for some trains made by Newag, but it turned out that they didn’t start after servicing,” Dragon Sector advised me. “[SPS] hired us to analyze the issue and we discovered a ‘workshop-detection’ system built into the train software, which bricked the trains after some conditions were met (two of the trains even used a list of precise GPS coordinates of competitors’ workshops). We also discovered an undocumented ‘unlock code’ which you could enter from the train driver’s panel which magically fixed the issue.”
…
“These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties,” Bazański, who goes by the deal with q3k, posted on Mastodon. “After a certain update by NEWAG, the cabin controls would also display scary messages about copyright violations if the human machine interface detected a subset of conditions that should’ve engaged the lock but the train was still operational. The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.”
The line about copyright stands out, as a result of that’s the one actual enforcement out there to producers. OEMs personal copyrights on their code, and declare that repairers are altering it — tampering with their mental property. But when the code tells a complete practice to close down, placing it out of service and interfering with the lives of commuters, can you actually blame anybody for tampering?
Source: jalopnik.com