Newag backdoor: Difference between revisions

(7 intermediate revisions by 6 users not shown)

Line 1:

{{~~Under Development~~|~~date~~=~~15 January 2025~~|~~stage~~=~~Writing~~|~~priority~~=~~Medium to Low~~}}

{{InfoboxCompany

| Company = Newag S.A.

| Type = Manufacturer

| Founded = 1876

| Industry = Rail

| Official Website = https://www.newag.pl/

| Logo = Newag Group logo.svg

|Name=}}

'''Newag S.A.''' (pronounced ''"nevag"'') is a Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref>

'''{{wplink|Newag|Newag S.A.}}''' (pronounced ''"nevag"'') is a publicly traded<ref>https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012</ref> Polish company based in {{wplink|Nowy Sącz}} that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref> Their most notable products include: the families of electric locomotives '''Griffin'''<ref>https://www.newag.pl/en/offer/griffin/</ref><ref>https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/</ref> and '''Dragon''',<ref>https://www.newag.pl/en/offer/dragon/</ref> as well as the '''Impuls''' family of multiple units.<ref>https://www.newag.pl/en/offer/impuls/</ref>

== ~~Backdoor Incident~~ ==

==Anti-competitive practices==

In 2022, ~~when maintenance was done on trains manufactured by~~ '''~~Newag~~''', ~~malicious code and backdoors were discovered which were found~~ to ~~make~~ the trains ~~break down after third~~-~~party repairs~~, ~~prevent them~~ from ~~entering a competitors workshop and also stop working~~ after a ~~set amount~~ of ~~time standing still~~.<ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> ~~The investigation against '''Newag''' is still on-going.~~

In 2022, a regional Polish train operator commissioned a third-party repair service - '''SPS''' - to complete maintenance on Impuls trains<ref name=":0">https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/</ref>. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227</ref> by Newag caused a tarnishing of SPS's reputation.<ref>https://www.youtube.com/watch?v=IXlYjgVpVIg</ref><ref name=":0" /> In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,<ref name=":0" /><ref>https://dragonsector.pl/</ref> after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software.<ref>https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref><ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> These allegedly include:

== ~~Sources~~ ==

#'''A "lack of movement timer"''', which would disable the train after it has not moved for a set amount of time.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625</ref>

<~~references~~ />

#'''Geofencing''' - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.<ref>[https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1685 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713]</ref><ref name=":1">https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref>

#'''Serializing''' the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814</ref>

#'''A date check,''' which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.<ref name=":2">https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891</ref>

The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.<ref name=":1" /> The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.<ref name=":2" /><ref>https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2</ref><ref name=":3">https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html</ref>

Newag firmly denies any claims of wrongdoing, releasing multiple statements<ref name=":3" /> claiming the findings of Dragon Sector, as well as reports from media outlets, are "slander" from their competition, "which is conducting an illegal campaign of black PR against us."<ref name=":4">https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/</ref> Newag claims they "have not, do not and will not introduce" any software locks.<ref name=":4" /> The statements also implied an attempt to "undermine Newag's market position".<ref name=":3" />

The investigation against Newag is still on-going.

==References==

@@ Line 1: / Line 1: @@
-{{Under Development|date=15 January 2025|stage=Writing|priority=Medium to Low}}
+{{StubNotice}}
+{{InfoboxCompany
+| Company = Newag S.A.
+| Type = Manufacturer
+| Founded = 1876
+| Industry = Rail
+| Official Website = https://www.newag.pl/
+| Logo = Newag Group logo.svg
+|Name=}}
-'''Newag S.A.''' (pronounced ''"nevag"'') is a Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref>
+'''{{wplink|Newag|Newag S.A.}}''' (pronounced ''"nevag"'') is a publicly traded<ref>https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012</ref> Polish company based in {{wplink|Nowy Sącz}} that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref> Their most notable products include: the families of electric locomotives '''Griffin'''<ref>https://www.newag.pl/en/offer/griffin/</ref><ref>https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/</ref> and '''Dragon''',<ref>https://www.newag.pl/en/offer/dragon/</ref> as well as the '''Impuls''' family of multiple units.<ref>https://www.newag.pl/en/offer/impuls/</ref>
-== Backdoor Incident ==
+==Anti-competitive practices==
-In 2022, when maintenance was done on trains manufactured by '''Newag''', malicious code and backdoors were discovered which were found to make the trains break down after third-party repairs, prevent them from entering a competitors workshop and also stop working after a set amount of time standing still.<ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> The investigation against '''Newag''' is still on-going.
+In 2022, a regional Polish train operator commissioned a third-party repair service - '''SPS''' - to complete maintenance on Impuls trains<ref name=":0">https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/</ref>. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227</ref> by Newag caused a tarnishing of SPS's reputation.<ref>https://www.youtube.com/watch?v=IXlYjgVpVIg</ref><ref name=":0" /> In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,<ref name=":0" /><ref>https://dragonsector.pl/</ref> after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software.<ref>https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref><ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> These allegedly include:
-== Sources ==
+#'''A "lack of movement timer"''', which would disable the train after it has not moved for a set amount of time.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625</ref>
-<references />
+#'''Geofencing''' - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.<ref>[https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1685 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713]</ref><ref name=":1">https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref>
+#'''Serializing''' the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814</ref>
+#'''A date check,''' which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.<ref name=":2">https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891</ref>
+The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.<ref name=":1" /> The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.<ref name=":2" /><ref>https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2</ref><ref name=":3">https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html</ref>
+Newag firmly denies any claims of wrongdoing, releasing multiple statements<ref name=":3" /> claiming the findings of Dragon Sector, as well as reports from media outlets, are "slander" from their competition, "which is conducting an illegal campaign of black PR against us."<ref name=":4">https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/</ref> Newag claims they "have not, do not and will not introduce" any software locks.<ref name=":4" /> The statements also implied an attempt to "undermine Newag's market position".<ref name=":3" />
+The investigation against Newag is still on-going.
+==References==
+{{Reflist}}