How a Group of Train Hackers Exposed a Right-to-Repair Nightmare | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Earlier this month, Polish hackers known as Dragon Sector accused one of Poland’s largest train makers, Newag, of intentionally bricking its own trains when they’re repaired by third parties. Newag threatened to sue Dragon Sector, but the story exploded as an example of why we deserve the right-to-repair and the company is facing an investigation from the Polish Office of Competition and Consumer Protection (UOKIK). On Wednesday, the Polish hackers went on the offensive, telling Newag, “We’ll see you in court,” on the stage of a conference, and described how Dragon Sector reverse engineered a train.

“We’re 100% sure we were in the right,” said Sergiusz Bazański, a member of Dragon Sector at a German cybersecurity conference. “We’re 100% sure we were acting in the public interest. It’s Newag that should be scared, not us.”

Dragon Sector was hired by a repair workshop that was stumped by several Newag trains that wouldn’t start. The hackers quickly found anticompetitive behavior ingrained in the code of Newag trains and went to Polish authorities with the case in 2022. Dragon Sector says in two instances, Newag had written code that would cause a train to fail if it was at a competitor’s workshop. After a year of not seeing much progress with the authorities, the train hackers decided to go public.

Photo: Martyn Jandula (Shutterstock)

Dragon Sector was given just a week to unbrick the trains, because the train operator who hired them had so many broken trains it was causing severe service issues. After that, the operator said they would send the trains back to Newag for more expensive servicing (Newag assured them they could fix this issue).

Hackers found the bricks by comparing the code of working trains to bricked trains using an algorithm. Dragon Sector found Newag trains were triggered to lock up when reaching geofenced coordinates, sitting still for 10 days, or in one case, a train would simply lock up every year on December 21st. If any of the triggers were met, the train computer’s NVRAM (a memory system) would flip certain bits to zero, putting a gate on the train’s throttle and locking the train from moving. Dragon Sector analyzed 30 Newag trains, and 24 of them had locks, many of them with various triggers and locking mechanisms.

A slide from Dragon Sector’s presentation detailing Newag’s bricking mechanism.

A slide from Dragon Sector’s presentation detailing Newag’s bricking mechanism.
Image: Dragon Sector

“We didn’t intend to become whistleblowers,” said Bazański in an interview with Gizmodo. “I wanted things to start moving forward because what Newag seems to have done is ‘not cool’ to put it lightly.”

Dragon Sector has put Newag’s anticompetitive practices regarding repairs on an international stage. Typically, the right-to-repair movement focuses on manufacturers of small electronic devices, like smartphones and computers. In traditional bricking, manufacturers input software or hardware that makes it difficult for third parties to make repairs, so consumers are forced to pay expensive repair fees to the original company. Newag denies allegations that it has inserted locking mechanisms in its trains, but several Polish train operators have corroborated Dragon Sector’s allegations.

A train operator out of Warsaw, SKM Warszawa, told Gizmodo it recorded one case of a Newag train with a locking mechanism, that corresponds to Dragon Sector’s story. Last week, another Polish train operator, Polregio, told the publication Onet, that its Newag trains were still failing to start due to blocks that align with Dragon Sector’s allegations.

Newag published a paper denying Dragon Sector’s claims on Dec. 19th, but it has since been removed from its website. In that paper, Newag claims that competing workshops and Dragon Sector don’t have the proper “license” to work on its train’s software. Dragon Sector, however, says they are authorized users of the train software because they were hired under contract by an authorized train workshop. They’ve never heard of the licenses Newag alleges.

Even if the licenses are real, their existence is at odds with the right-to-repair movement. Requiring operators and workshops to obtain a separate license to repair trains, not included in the sale of the train, is unusual altogether. A more traditional system is New York City’s flagship subway operator, the Metropolitan Transportation Authority. The MTA told Gizmodo that after a two-year warranty, the city’s workshops are allowed to conduct regular maintenance and repairs on subway cars.

In the same paper, Newag alleges that vehicle repairs are a “small fraction of Newag’s business,” which it estimates at roughly 5%. Newag confirmed this figure to Gizmodo independently. In the manufacturer’s financial statements, vehicle repairs fall under the category of “repairs and modernizations,” which represented nearly 20% of its total revenue for the first nine month of 2022, and roughly 60% in 2023. “Repairs and modernizations” represent a significant portion of the company’s total revenue, but a Newag spokesperson told Gizmodo this section “includes a much larger volume of services” than just repairs. They went on to stand by the claim that repairs make up about 5% of revenue.

Newag’s recent financial statement shared with Gizmodo by an analyst.

Newag’s recent financial statement shared with Gizmodo by an analyst.
Image: Newag

Dragon Sector commends Newag for making great trains but believes they should not be in the repair market if they’re going to be anti-competitive. The other largest train manufacturer in Poland, Pesa, is not in the repair market at all.

“When those trains were being serviced and couldn’t start running, this affected people. The train system in lower Silesia was overloaded,” said Bazański, which the Polish media reported on in 2022. “There just wasn’t enough rolling stock in service.”

Dragon Sector wants people to know that they were not malicious in speaking out against Newag, they simply wanted to help the people who were affected. Allowing trains to be repaired swiftly and in a cost-efficient way likely means fewer delays for riders. Infractions of the right-to-repair movement often end up hurting end-users the most.


Click Here For The Original Story From This Source.

National Cyber Security