Newag backdoor: Difference between revisions

No edit summary
Developed the article (had to copy work from another window, hence the whole article is highlighted as new), added a lot of citations (perchance, a bit too many). Issues still to fix are: develop the article further, remove bias (include information about Newag's findings of interference in software from citation 21), include more diversity into the citations (I relied heavily on two presentations done by Dragon Sector on Chaos Computer Club conferences).
{{StubNotice}}


'''Newag S.A.''' (pronounced ''"nevag"'') is a Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref>
'''Newag S.A.''' (pronounced ''"nevag"'') is a publicly traded<ref>https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012</ref> Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref> Their most notable products include: the families of electric locomotives '''Griffin'''<ref>https://www.newag.pl/en/offer/griffin/</ref><ref>https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/</ref> and '''Dragon'''<ref>https://www.newag.pl/en/offer/dragon/</ref>, as well as the '''Impuls''' family of multiple units<ref>https://www.newag.pl/en/offer/impuls/</ref>.


==Backdoor incident==
==Anti-competitive practices==
In 2022, when maintenance was done on trains manufactured by '''Newag''', malicious code and backdoors were discovered which were found to make the trains break down after third-party repairs, prevent them from entering a competitor's workshop and also stop working after a set amount of time standing still.<ref>[https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/]</ref> The investigation against '''Newag''' is still ongoing.
In 2022, a regional Polish train operator commissioned a third-party repair service - '''SPS''' - to carry out maintenance on '''Impuls''' trains.<ref name=":0">https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/</ref> The repair service could not, however, get the trains to move, despite them being in working order. This, together with Newag's accusations of '''"interfering with the trains' security systems"''',<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227</ref> damaged SPS's reputation.<ref>https://www.youtube.com/watch?v=IXlYjgVpVIg</ref><ref name=":0" /> In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,<ref name=":0" /><ref>https://dragonsector.pl/</ref> hired by SPS, disclosed findings that '''a number of lock-up mechanisms''' had been placed in the trains' software.<ref>https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref><ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> These allegedly include:


==Sources==
# '''A "lack of movement timer"''', which would disable the train after it has not moved for a set amount of time.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625</ref>
# '''Geofencing''' - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.<ref>[https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1685 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713]</ref><ref name=":1">https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref>
# '''Serial-number binding''' of the train's CAN bus extension device: the train would disable itself if a change in the device's serial number was detected.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814</ref>
# '''A date check,''' which would cause the train to lock up, reporting a compressor failure, if it had not been serviced by '''Newag''' before the 21st of November 2022.<ref name=":2">https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891</ref>
 
The geofencing mechanism was later alleged to be the cause of disruptions on a route served by Impuls trains, with the trains '''disabling themselves when passing near one of the geofenced locations.'''<ref name=":1" /> The date check, meanwhile, was poorly implemented: rather than locking the train on every day after the deadline, it only locked it from 21 November to 1 December and from 21 December to 1 January of each year after 2021.<ref name=":2" /><ref>https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2</ref><ref name=":3">https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html</ref>
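The discontinuous lock windows described above are a useful teaching case for date-comparison bugs. The following Python is an added example, not code from this article, from Newag or from Dragon Sector: <code>locked_fieldwise</code> is a hypothetical check that compares year, month and day as separate fields (one way a window like the one described can arise; it is an assumption, not a claim about Newag's actual implementation), <code>locked_correct</code> compares whole dates, and <code>lock_windows</code> scans a calendar year to show the lock-up ranges each check produces.

```python
from datetime import date, timedelta

CUTOFF = date(2022, 11, 21)  # service deadline named in the article


def locked_fieldwise(d: date, cutoff: date = CUTOFF) -> bool:
    """Hypothetical defective check (assumption, not Newag's actual code):
    year, month and day are compared as independent fields, so the lock
    only fires on days whose day-of-month AND month are both >= the cutoff's."""
    return d.year >= cutoff.year and d.month >= cutoff.month and d.day >= cutoff.day


def locked_correct(d: date, cutoff: date = CUTOFF) -> bool:
    """Whole-date comparison: 'not serviced before the cutoff' means every
    day from the cutoff onward, with no gaps."""
    return d >= cutoff


def locked_on(iso_day: str, check) -> bool:
    """Convenience wrapper: evaluate a check on an ISO-8601 date string."""
    return check(date.fromisoformat(iso_day))


def lock_windows(year: int, check) -> list:
    """Walk one calendar year day by day and return the contiguous
    [start, end) ranges (as ISO strings) in which check() reports a lock-up."""
    windows, start = [], None
    d = date(year, 1, 1)
    while d.year == year:
        if check(d) and start is None:
            start = d
        elif not check(d) and start is not None:
            windows.append((start.isoformat(), d.isoformat()))
            start = None
        d += timedelta(days=1)
    if start is not None:  # window still open on 31 December; d is now 1 January
        windows.append((start.isoformat(), d.isoformat()))
    return windows


if __name__ == "__main__":
    for name, fn in (("field-wise", locked_fieldwise), ("whole-date", locked_correct)):
        print(f"{name:10} 2023 lock windows:", lock_windows(2023, fn))
```

Run stand-alone, the field-wise variant yields exactly the 21 November to 1 December and 21 December to 1 January gaps the article describes, while the whole-date comparison locks every day of the year.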
 
'''Newag''' firmly denies any claims of wrongdoing, releasing multiple statements<ref name=":3" /> claiming the findings of Dragon Sector, as well as reports from media outlets, are "slander" from their competition, "which is conducting an illegal campaign of black PR against us."<ref name=":4">https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/</ref> Newag claims they "have not, do not and will not introduce" any software locks.<ref name=":4" /> The statements also implied an attempt to "undermine Newag's market position".<ref name=":3" />
 
The investigation against '''Newag''' is still ongoing.
<references />