Consumer Rights Wiki

Newag

Revision as of 22:05, 29 January 2025 by WeSueResearchers (talk | contribs) (Developed the article (had to copy work from another window, hence the whole article is highlighted as new), added a lot of citations (perchance, a bit too many). Issues still to fix are: develop the article further, remove bias (include information about Newag's findings of interference in software from citation 21), include more diversity into the citations (I relied heavily on two presentations done by Dragon Sector on Chaos Computer Club conferences).)

This article is a stub. You can help by expanding it.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.
More info ▼

An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.

Newag S.A. (pronounced "nevag") is a publicly traded[1] Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.[2] Their most notable products include: the families of electric locomotives Griffin[3][4] and Dragon[5], as well as the Impuls family of multiple units[6].

Anti-competitive practices

In 2022, a regional Polish train operator commissioned a third-party repair service - SPS - to complete maintenance on Impuls trains[7]. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"[8] by Newag caused a tarnishing of SPS's reputation[9][7]. In 2023, however, a group of Polish cybersecurity experts from Dragon Sector[7][10], after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software[11][12][13]. These allegedly include:

  1. A "lack of movement timer", which would disable the train after it has not moved for a set amount of time.[14]
  2. Geofencing - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.[15][16][17]
  3. Serializing the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.[18]
  4. A date check, which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.[19]

The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.[16] The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.[19][20][21]

Newag firmly denies any claims of wrongdoing, releasing multiple statements[21] claiming the findings of Dragon Sector, as well as reports from media outlets, are "slander" from their competition, "which is conducting an illegal campaign of black PR against us."[22] Newag claims they "have not, do not and will not introduce" any software locks.[22] The statements also implied an attempt to "undermine Newag's market position".[21]

The investigation against Newag is still on-going.

  1. https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012
  2. https://www.newag.pl/en/company/history/
  3. https://www.newag.pl/en/offer/griffin/
  4. https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/
  5. https://www.newag.pl/en/offer/dragon/
  6. https://www.newag.pl/en/offer/impuls/
  7. 7.0 7.1 7.2 https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
  8. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227
  9. https://www.youtube.com/watch?v=IXlYjgVpVIg
  10. https://dragonsector.pl/
  11. https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691
  12. https://social.hackerspace.pl/@q3k/111528162462505087
  13. https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com
  14. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625
  15. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713
  16. 16.0 16.1 https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293
  17. https://social.hackerspace.pl/@q3k/111528162462505087
  18. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814
  19. 19.0 19.1 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891
  20. https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2
  21. 21.0 21.1 21.2 https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html
  22. 22.0 22.1 https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/
Retrieved from "https://consumerrights.wiki/index.php?title=Newag&oldid=6700"