Hackers Uncover Trains Designed to Fail in Poland

2024

A massive controversy has erupted in Poland's train manufacturing industry, with Newag, a leading train manufacturer, accused of incorporating DRM-style protection into its vehicles to prevent repairs at competitor facilities. The issue came to light when several Newag trains inexplicably broke down, including one that bricked itself on November 21, 2023. An independent repair shop, SPS Mieczkowski, was fined by a rail operator for failing to repair one of Newag's trains, prompting them to hire a collective of hackers, Dragon Sector, to investigate.

The hackers, led by Michał Kowalczyk, discovered that Newag had intentionally programmed the trains to fail if serviced by anyone but themselves. The team found that the trains were designed to shut down if parked at an independent repair shop for several days or if components were replaced without a manufacturer-approved serial number. Newag has denied the accusations, but the evidence presented by the hackers at the Chaos Communication Congress, a prominent hacker convention, has sparked widespread concern.

The hackers revealed that the trains were programmed to lock down if they didn't move at least 60km/h for at least three minutes for more than 10 days, which led to false positives and trains locking down during servicing. Newag extended the time to 21 days and added "geofencing" to cause the trains to lock if they stayed in certain locations, including the main competitors of Newag. One of the locations was an SPS Mieczkowski workshop, the same company fined for failing to repair a Newag train.

The hackers also discovered a date check in one of the trains, which was programmed to lock down between November 21-30 and December 21-31. This led to a train breaking down on November 21, 2023, and another scheduled to break down on December 21. The hackers have stated that they are "100% sure" that Newag is in the wrong and that the company should be held accountable.

The incident has sparked a wider discussion about the right-to-repair issue in the manufacturing industry, where companies often intimidate competitor repair shops with lawsuits and unsubstantiated safety claims. The controversy surrounding Newag trains has highlighted the need for transparency and fairness in the industry. As the issue continues to unfold, it remains to be seen how Newag will respond to the allegations and whether the hackers will face legal action.

The situation is eerily familiar to those who have seen the impact of DRM on the gaming industry, where companies have used similar tactics to limit player freedom. The consequences, however, are far more severe in the case of trains, where lives are at risk. The incident has also drawn parallels with other industries, such as agriculture and automotive, where companies have used similar tactics to limit repair options and force customers to rely on them for maintenance.

As the debate continues, one thing is clear: the facts of the case have sparked a necessary conversation about the need for change in the manufacturing industry. Companies must be held accountable for their actions, and customers must be given the freedom to repair and maintain their products without fear of retribution.