Newag: Difference between revisions
Remove query parameter from citation URL that would tell Ars Technica that those following the citation were coming from ChatGPT. Tags: Mobile edit Mobile web edit Visual edit |
→References: Archive |
||
| (22 intermediate revisions by 12 users not shown) | |||
| Line 1: | Line 1: | ||
{{ | {{CompanyCargo | ||
|Description=Polish manufacturer of railway rolling stock. | |||
|Founded=1876 | |||
|Industry=Railway | |||
|Logo=Newag Group logo.svg | |||
|ParentCompany= | |||
|Type=Public | |||
|Website=https://www.newag.pl/ | |||
}} | |||
'''Newag S.A.''' (pronounced ''"nevag"'') is a Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref> | '''{{wplink|Newag|Newag S.A.}}''' (pronounced ''"nevag"'') is a publicly traded Polish company based in {{wplink|Nowy Sącz}} that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>{{Cite web |title=Company factsheet |url=https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012 |url-status=live |archive-url=https://web.archive.org/web/20260407160342/https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012 |archive-date=7 Apr 2026 |access-date=1 Mar 2026 |website=GPW}}</ref><ref>{{Cite web |title=Company history |url=https://www.newag.pl/en/company/history/ |archive-url=http://web.archive.org/web/20250120130623/https://www.newag.pl/en/company/history/ |archive-date=20 Jan 2025 |access-date=1 Mar 2026 |website=Newag}}</ref> | ||
Their most notable products include the electric locomotive families '''Griffin''' and '''Dragon''', as well as the '''Impuls''' family of multiple units.<ref>{{Cite web |title=Griffin |url=https://www.newag.pl/en/offer/griffin/ |archive-url=http://web.archive.org/web/20250125122434/https://www.newag.pl/en/offer/griffin/ |archive-date=25 Jan 2025 |access-date=1 Mar 2026 |website=Newag}}</ref><ref>{{Cite web |title=Dragon |url=https://www.newag.pl/en/offer/dragon/ |archive-url=http://web.archive.org/web/20250209153246/https://www.newag.pl/en/offer/dragon/ |archive-date=9 Feb 2025 |access-date=1 Mar 2026 |website=Newag}}</ref><ref>{{Cite web |title=Impuls |url=https://www.newag.pl/en/offer/impuls/ |archive-url=http://web.archive.org/web/20250112104016/https://www.newag.pl/en/offer/impuls/ |archive-date=12 Jan 2025 |access-date=1 Mar 2026 |website=Newag}}</ref> | |||
== | ==Consumer impact summary== | ||
====Repair restrictions==== | |||
In 2022, a regional Polish train operator commissioned third-party repair service SPS to complete maintenance on Impuls trains.<ref name="badcyber">{{Cite web |title=Dieselgate but for trains |url=https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/ |archive-url=http://web.archive.org/web/20260222173559/https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/ |archive-date=22 Feb 2026 |access-date=1 Mar 2026 |website=Bad Cyber}}</ref> The trains reportedly failed to operate despite being mechanically functional. Allegations emerged that software mechanisms prevented operation following third-party servicing. | |||
====Software lock mechanisms==== | |||
In 2023, cybersecurity researchers from Dragon Sector, hired by SPS, disclosed findings that software lock mechanisms had allegedly been embedded within Impuls trains.<ref name="ars">{{Cite web |title=Manufacturer deliberately bricked trains repaired by competitors, hackers find |url=https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/ |archive-url=http://web.archive.org/web/20251105052028/https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/ |archive-date=5 Nov 2025 |access-date=1 Mar 2026 |website=Ars Technica}}</ref> | |||
Alleged mechanisms included: | |||
*A “lack of movement timer” disabling trains after inactivity. | |||
*Geofencing that disabled trains at competitor workshops. | |||
*Serialization of CAN bus components. | |||
*A date-based lock tied to servicing deadlines. | |||
====Geofencing disruptions==== | |||
The geofencing mechanism was later alleged to have caused operational disruptions when trains passed near flagged GPS locations.<ref>{{Cite web |title=We’ve Not Been Trained For This |url=https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure |archive-url=http://web.archive.org/web/20260116035645/https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure |archive-date=16 Jan 2026 |access-date=1 Mar 2026 |website=CCC}}</ref> | |||
====Company response==== | |||
Newag denied the allegations, stating it had not introduced software locks and characterizing the reports as defamatory and damaging to its market position.<ref>{{Cite web |title=Newag comes out fighting in claims over foul play |url=https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/ |archive-url=http://web.archive.org/web/20260216171632/https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/ |archive-date=16 Feb 2026 |access-date=1 Mar 2026 |website=Rail Journal}}</ref> | |||
==Incidents== | |||
This is a list of all consumer protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]]. | |||
===2023 Anti-competition GPS and time based software lockups=== | |||
In December 2023 white-hat hacker group Dragon Sector revealed findings regarding Newag Impuls rolling stock malfunctions. They were employed by SPS Mieczkowski to investigate issues regarding repair of Impuls trains. After reverse engineering analysis, they reported discovering multiple software flags, GPS-based geofencing coordinates corresponding to competing service companies, parts serialization mechanisms, and timed lock conditions. Following disclosure, investigations and legal proceedings were initiated. As of August 2025, the matter has not reached conclusion.<ref name="ars" /> | |||
===2024 Lawsuit against SPS and Dragon Sector=== | |||
In August 2024 Newag Group launched a lawsuit against SPS and Dragon Sector. In this lawsuit Newag claims Dragon Sector exposed train passengers to danger by modifying code of train computers, while also alleging copyright infringement under EU Directive 2009/24/EC related to reverse engineering of software. As of August 2025 this lawsuit has not reached conclusion. | |||
===Lawsuit reported by iFixit (July 2025)=== | |||
On July 28, 2025, iFixit reported that Newag had initiated legal proceedings against members of Dragon Sector and SPS following their public disclosure of alleged software-based repair restrictions in Impuls trains.<ref>{{Cite web |date=28 Jul 2025 |title=Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks |url=https://es.ifixit.com/News/112008/polish-train-maker-is-suing-the-hackers-who-exposed-its-anti-repair-tricks |url-status=live |archive-url=https://web.archive.org/web/20260302202139/https://es.ifixit.com/News/112008/polish-train-maker-is-suing-the-hackers-who-exposed-its-anti-repair-tricks |archive-date=2026-03-02 |access-date=1 Mar 2026 |website=iFixit}}</ref> | |||
The report states that the lawsuit includes allegations of copyright infringement related to reverse engineering and software modification. The case remains ongoing. | |||
==See also== | |||
*[[Leo Express]] | |||
==References== | |||
<references /> | <references /> | ||
[[Category:Newag]] | |||
Latest revision as of 16:06, 7 April 2026
| Basic information | |
|---|---|
| Founded | 1876 |
| Legal Structure | Public |
| Industry | Railway |
| Also known as | |
| Official website | https://www.newag.pl/ |
Newag S.A. (pronounced "nevag") is a publicly traded Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.[1][2]
Their most notable products include the electric locomotive families Griffin and Dragon, as well as the Impuls family of multiple units.[3][4][5]
Consumer impact summary
[edit | edit source]Repair restrictions
[edit | edit source]In 2022, a regional Polish train operator commissioned third-party repair service SPS to complete maintenance on Impuls trains.[6] The trains reportedly failed to operate despite being mechanically functional. Allegations emerged that software mechanisms prevented operation following third-party servicing.
Software lock mechanisms
[edit | edit source]In 2023, cybersecurity researchers from Dragon Sector, hired by SPS, disclosed findings that software lock mechanisms had allegedly been embedded within Impuls trains.[7]
Alleged mechanisms included:
- A “lack of movement timer” disabling trains after inactivity.
- Geofencing that disabled trains at competitor workshops.
- Serialization of CAN bus components.
- A date-based lock tied to servicing deadlines.
Geofencing disruptions
[edit | edit source]The geofencing mechanism was later alleged to have caused operational disruptions when trains passed near flagged GPS locations.[8]
Company response
[edit | edit source]Newag denied the allegations, stating it had not introduced software locks and characterizing the reports as defamatory and damaging to its market position.[9]
Incidents
[edit | edit source]This is a list of all consumer protection incidents this company is involved in. Any incidents not mentioned here can be found in the Newag category.
2023 Anti-competition GPS and time based software lockups
[edit | edit source]In December 2023 white-hat hacker group Dragon Sector revealed findings regarding Newag Impuls rolling stock malfunctions. They were employed by SPS Mieczkowski to investigate issues regarding repair of Impuls trains. After reverse engineering analysis, they reported discovering multiple software flags, GPS-based geofencing coordinates corresponding to competing service companies, parts serialization mechanisms, and timed lock conditions. Following disclosure, investigations and legal proceedings were initiated. As of August 2025, the matter has not reached conclusion.[7]
2024 Lawsuit against SPS and Dragon Sector
[edit | edit source]In August 2024 Newag Group launched a lawsuit against SPS and Dragon Sector. In this lawsuit Newag claims Dragon Sector exposed train passengers to danger by modifying code of train computers, while also alleging copyright infringement under EU Directive 2009/24/EC related to reverse engineering of software. As of August 2025 this lawsuit has not reached conclusion.
Lawsuit reported by iFixit (July 2025)
[edit | edit source]On July 28, 2025, iFixit reported that Newag had initiated legal proceedings against members of Dragon Sector and SPS following their public disclosure of alleged software-based repair restrictions in Impuls trains.[10]
The report states that the lawsuit includes allegations of copyright infringement related to reverse engineering and software modification. The case remains ongoing.
See also
[edit | edit source]References
[edit | edit source]- ↑ "Company factsheet". GPW. Archived from the original on 7 Apr 2026. Retrieved 1 Mar 2026.
- ↑ "Company history". Newag. Archived from the original on 20 Jan 2025. Retrieved 1 Mar 2026.
- ↑ "Griffin". Newag. Archived from the original on 25 Jan 2025. Retrieved 1 Mar 2026.
- ↑ "Dragon". Newag. Archived from the original on 9 Feb 2025. Retrieved 1 Mar 2026.
- ↑ "Impuls". Newag. Archived from the original on 12 Jan 2025. Retrieved 1 Mar 2026.
- ↑ "Dieselgate but for trains". Bad Cyber. Archived from the original on 22 Feb 2026. Retrieved 1 Mar 2026.
- ↑ 7.0 7.1 "Manufacturer deliberately bricked trains repaired by competitors, hackers find". Ars Technica. Archived from the original on 5 Nov 2025. Retrieved 1 Mar 2026.
- ↑ "We've Not Been Trained For This". CCC. Archived from the original on 16 Jan 2026. Retrieved 1 Mar 2026.
- ↑ "Newag comes out fighting in claims over foul play". Rail Journal. Archived from the original on 16 Feb 2026. Retrieved 1 Mar 2026.
- ↑ "Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks". iFixit. 28 Jul 2025. Archived from the original on 2026-03-02. Retrieved 1 Mar 2026.