Newag backdoor: Difference between revisions
m Added infobox, removed excessive bold, other minor changes |
NoGoodDeed (talk | contribs) m Update company logo |
||
| Line 6: | Line 6: | ||
| Industry = Rail | | Industry = Rail | ||
| Official Website = https://www.newag.pl/ | | Official Website = https://www.newag.pl/ | ||
| Logo = Newag Group logo. | | Logo = Newag Group logo.svg | ||
}} | |Name=}} | ||
'''{{wplink|Newag|Newag S.A.}}''' (pronounced ''"nevag"'') is a publicly traded<ref>https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012</ref> Polish company based in {{wplink|Nowy Sącz}} that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref> Their most notable products include: the families of electric locomotives '''Griffin'''<ref>https://www.newag.pl/en/offer/griffin/</ref><ref>https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/</ref> and '''Dragon''',<ref>https://www.newag.pl/en/offer/dragon/</ref> as well as the '''Impuls''' family of multiple units.<ref>https://www.newag.pl/en/offer/impuls/</ref> | '''{{wplink|Newag|Newag S.A.}}''' (pronounced ''"nevag"'') is a publicly traded<ref>https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012</ref> Polish company based in {{wplink|Nowy Sącz}} that specializes in the production, maintenance, and modernization of railway rolling stock.<ref>https://www.newag.pl/en/company/history/</ref> Their most notable products include: the families of electric locomotives '''Griffin'''<ref>https://www.newag.pl/en/offer/griffin/</ref><ref>https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/</ref> and '''Dragon''',<ref>https://www.newag.pl/en/offer/dragon/</ref> as well as the '''Impuls''' family of multiple units.<ref>https://www.newag.pl/en/offer/impuls/</ref> | ||
| Line 14: | Line 14: | ||
In 2022, a regional Polish train operator commissioned a third-party repair service - '''SPS''' - to complete maintenance on Impuls trains<ref name=":0">https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/</ref>. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227</ref> by Newag caused a tarnishing of SPS's reputation.<ref>https://www.youtube.com/watch?v=IXlYjgVpVIg</ref><ref name=":0" /> In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,<ref name=":0" /><ref>https://dragonsector.pl/</ref> after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software.<ref>https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref><ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> These allegedly include: | In 2022, a regional Polish train operator commissioned a third-party repair service - '''SPS''' - to complete maintenance on Impuls trains<ref name=":0">https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/</ref>. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227</ref> by Newag caused a tarnishing of SPS's reputation.<ref>https://www.youtube.com/watch?v=IXlYjgVpVIg</ref><ref name=":0" /> In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,<ref name=":0" /><ref>https://dragonsector.pl/</ref> after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software.<ref>https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref><ref>https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com</ref> These allegedly include: | ||
# '''A "lack of movement timer"''', which would disable the train after it has not moved for a set amount of time.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625</ref> | #'''A "lack of movement timer"''', which would disable the train after it has not moved for a set amount of time.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625</ref> | ||
# '''Geofencing''' - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.<ref>[https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1685 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713]</ref><ref name=":1">https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref> | #'''Geofencing''' - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.<ref>[https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1685 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713]</ref><ref name=":1">https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293</ref><ref>https://social.hackerspace.pl/@q3k/111528162462505087</ref> | ||
# '''Serializing''' the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814</ref> | #'''Serializing''' the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.<ref>https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814</ref> | ||
# '''A date check,''' which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.<ref name=":2">https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891</ref> | #'''A date check,''' which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.<ref name=":2">https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891</ref> | ||
The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.<ref name=":1" /> The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.<ref name=":2" /><ref>https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2</ref><ref name=":3">https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html</ref> | The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.<ref name=":1" /> The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.<ref name=":2" /><ref>https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2</ref><ref name=":3">https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html</ref> | ||