Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer_Action_Taskforce
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Newag backdoor
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Anti-competitive practices== In 2022, a regional Polish train operator commissioned a third-party repair service - '''SPS''' - to complete maintenance on Impuls trains<ref name=":0">https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/</ref>. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227</ref> by Newag caused a tarnishing of SPS's reputation.<ref>https://www.youtube.com/watch?v=IXlYjgVpVIg</ref><ref name=":0" /> In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,<ref name=":0" /><ref>https://dragonsector.pl/</ref> after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software.<ref>https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref><ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> These allegedly include: #'''A "lack of movement timer"''', which would disable the train after it has not moved for a set amount of time.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625</ref> #'''Geofencing''' - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.<ref>[https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1685 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713]</ref><ref name=":1">https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref> #'''Serializing''' the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814</ref> #'''A date check,''' which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.<ref name=":2">https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891</ref> The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.<ref name=":1" /> The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.<ref name=":2" /><ref>https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2</ref><ref name=":3">https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html</ref> Newag firmly denies any claims of wrongdoing, releasing multiple statements<ref name=":3" /> claiming the findings of Dragon Sector, as well as reports from media outlets, are "slander" from their competition, "which is conducting an illegal campaign of black PR against us."<ref name=":4">https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/</ref> Newag claims they "have not, do not and will not introduce" any software locks.<ref name=":4" /> The statements also implied an attempt to "undermine Newag's market position".<ref name=":3" /> The investigation against Newag is still on-going.
Summary:
Please note that all contributions to Consumer_Action_Taskforce are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Action Taskforce:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
