Consumer Rights Wiki

Newag

Revision as of 22:29, 13 February 2025 by Sojourna (talk | contribs) (Added infobox, removed excessive bold, other minor changes)

This article is a stub. You can help by expanding it.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.
More info ▼

An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.


Newag S.A. (pronounced "nevag") is a publicly traded[1] Polish company based in Nowy Sącz that specializes in the production, maintenance, and modernization of railway rolling stock.[2] Their most notable products include: the families of electric locomotives Griffin[3][4] and Dragon,[5] as well as the Impuls family of multiple units.[6]

Newag S.A.
File:Newag Group logo.png
Basic information
Founded 1876
Legal structure Manufacturer
Industry Rail
Official website https://www.newag.pl/

Anti-competitive practices

In 2022, a regional Polish train operator commissioned a third-party repair service - SPS - to complete maintenance on Impuls trains[7]. The repair service could not, however, bring the trains to move despite them being in working order. This, alongside accusations of "interfering with the trains' security systems"[8] by Newag caused a tarnishing of SPS's reputation.[9][7] In 2023, however, a group of Polish cybersecurity experts from Dragon Sector,[7][10] after being hired by SPS, disclosed findings that a number of lock-up mechanisms were placed in the trains' software.[11][12][13] These allegedly include:

  1. A "lack of movement timer", which would disable the train after it has not moved for a set amount of time.[14]
  2. Geofencing - the train would disable itself once it detects that it is in one of Newag's competitors' workshops.[15][16][17]
  3. Serializing the CAN bus extension device of the train, disabling it if a change in the CAN's serial number is detected.[18]
  4. A date check, which would cause the train to lock up if it was not serviced by Newag before the 21st of November 2022, claiming compressor failure.[19]

The geofencing mechanism has later been shown to allegedly be the cause of disruptions on a connection serviced by Impuls trains, having them disable themselves when passing near one of the geofenced locations.[16] The date check, meanwhile, was poorly implemented, and would only cause the train to be locked from 11/21 to 12/1 and from 12/21 to 1/1 each year after 2021.[19][20][21]

Newag firmly denies any claims of wrongdoing, releasing multiple statements[21] claiming the findings of Dragon Sector, as well as reports from media outlets, are "slander" from their competition, "which is conducting an illegal campaign of black PR against us."[22] Newag claims they "have not, do not and will not introduce" any software locks.[22] The statements also implied an attempt to "undermine Newag's market position".[21]

The investigation against Newag is still on-going.

References

  1. https://www.gpw.pl/company-factsheet?isin=PLNEWAG00012
  2. https://www.newag.pl/en/company/history/
  3. https://www.newag.pl/en/offer/griffin/
  4. https://twojsacz.pl/kolejne-lokomotywy-griffin-z-nowego-sacza-trafily-do-pkp-intercity/
  5. https://www.newag.pl/en/offer/dragon/
  6. https://www.newag.pl/en/offer/impuls/
  7. 7.0 7.1 7.2 https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
  8. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=227
  9. https://www.youtube.com/watch?v=IXlYjgVpVIg
  10. https://dragonsector.pl/
  11. https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=691
  12. https://social.hackerspace.pl/@q3k/111528162462505087
  13. https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/?utm_source=chatgpt.com
  14. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1625
  15. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1713
  16. 16.0 16.1 https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure#t=1293
  17. https://social.hackerspace.pl/@q3k/111528162462505087
  18. https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1814
  19. 19.0 19.1 https://media.ccc.de/v/37c3-12142-breaking_drm_in_polish_trains#t=1891
  20. https://wiadomosci.onet.pl/kraj/skandal-na-kolei-pociag-newagu-stanal-bo-znowu-nadszedl-21-grudnia/41mdspf?utm_source=www.qwant.com_viasg_wiadomosci&utm_medium=referal&utm_campaign=leo_automatic&srcc=undefined&utm_v=2
  21. 21.0 21.1 21.2 https://www.rynek-kolejowy.pl/wiadomosci/impuls-zepsul-sie-z-powodu-21-grudnia-mamy-stanowisko-newagu--116695.html
  22. 22.0 22.1 https://www.railjournal.com/fleet/newag-comes-out-fighting-in-claims-over-foul-play/
Retrieved from "https://consumerrights.wiki/index.php?title=Newag&oldid=8908"