Trains were designed to break down after third-party repairs, hackers find
Enlarge / Dragon Sector uploaded a video to social media after discovering an "undocumented unlock code' which you could enter from the train driver's panel" fixed "mysterious issues" impacting trains in Poland. (credit: Adam Haertle on YouTube)
An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer.
Members of an ethical hacking group called Dragon Sector, including Sergiusz Bazaski and Micha Kowalczyk, were called upon by a train repair shop, Serwis Pojazdow Szynowych (SPS), to analyze train software in June 2022. SPS was desperate to figure out what was causing "mysterious failures" that shut down several vehicles owned by Polish train operator the Lower Silesian Railway, Polish infrastructure trade publication Rynek Kolejowy reported. At that point, the shortage of trains had already become "a serious problem" for carriers and passengers, as fewer available cars meant shorter trains and reduced rider capacity, Rynek Kolejowy reported.
Dragon Sector spent two months analyzing the software, finding that "the manufacturer's interference" led to "forced failures and to the fact that the trains did not start," and concluding that bricking the trains "was a deliberate action on Newag's part."