Train failures: Hackers uncover targeted sabotage – by the manufacturer

by time news

2023-12-14 22:09:00

“Killswitch” Pre-programmed failures: Hackers uncover targeted train sabotage – by the manufacturer

Trains manufactured by Newag are said to have been regularly switched off on purpose


There are always fears of hacker attacks on parts of the infrastructure. In Poland, however, an attack has just uncovered targeted sabotage. Ironically, the manufacturer had installed a back door to ensure failures.

Trains kept coming to a standstill and could no longer be started. The Polish railway was faced with a puzzle. After a hacker attack was ruled out as the cause, the operator itself sought help from the hacker scene. The hired group, Dragon Sector, was in fact able to prove sabotage, though sabotage that had been built in at the factory.

The security experts presented their findings last week at the hacker conference “Oh My Hack”. The Polish rail vehicle service company SPS had recruited the group because trains built by the manufacturer Newag and operated by the railway operator Koleje Dolnośląskie (“Lower Silesia Railway”) had repeatedly broken down for months. The failures had become so frequent that the trade magazine “Rynek Kolejowy” was already writing about “a serious problem”. In the end, the hackers were able to identify the cause and even fix the error.

Targeted blockade

However, the search for the cause took months. The hackers had to deal with numerous setbacks: for example, they accidentally burned out one of the circuit boards and had to dig manually through the poorly documented program code. The breakthrough came only when a troubleshooting interface was discovered by chance. Hidden deep in the program code of the Newag trains, they discovered commands “that led to forced failures and non-starting of the trains,” the group explained. They ruled out a simple error as the cause. It was “a targeted act on Newag’s part,” the group charged. This behavior was found not only on KD trains, but also at other operators throughout Poland that relied on Newag trains.

Specifically, the programming of the trains meant that they no longer worked after repairs were carried out by third-party service providers. According to the hackers, the manufacturer had built in several measures for this purpose. On the one hand, the trains simply locked up when components that did not come from the manufacturer were used. On the other hand, the trains specifically stopped working when they were repaired by SPS: if a train stood in the provider’s hall for several days, it simply no longer started. That the sabotage was actually directed against the competitor could even be proven in the code: it contained specific GPS data for the repair halls. The list is even said to have included a hall that was not yet finished.

“These trains stalled after being serviced by third-party repair shops,” explained a member of the group on Mastodon. “The manufacturer claimed that this was related to misconduct in the workshops. And that the trains should be maintained by the manufacturer instead of a third party.” In some cases, the manufacturer is said to have even been able to block the trains remotely using a mobile phone module.

Manufacturer rejects allegations – and threatens to sue

The manufacturer now sees itself as wrongly accused. The company said in a statement that the trains had not been tampered with. “Hacking IT systems is a violation of numerous legal requirements and a threat to rail security,” the statement continues. The company threatened the Dragon Sector hackers with legal consequences: it would pursue lawsuits for defamation and violations of IT security laws. The company demanded that the trains be taken out of service due to security deficiencies caused by the hackers.

However, this is contradicted by the fact that the hackers discovered a key combination with which the blockage could be easily removed in the driver’s cab of the train – without having to open the control boxes. “That magically fixed the error,” a member of the group told 404 Media. This “error” has now apparently been fixed: after some media outlets picked up on the discovery, the code suddenly stopped working.

Support from politics

In fact, the manufacturer has financial incentives to obstruct third-party repairs. After Newag itself had handled the maintenance of the trains for years, SPS won a new tender for the contracts and was allowed to take over the required maintenance after one million kilometers had been driven. Newag lost millions in revenue due to its competitor’s lower bid.

The fact that the hackers still don’t show much concern about a lawsuit from the railway manufacturer is probably due to the burden of proof. Even Janusz Cieszyński, the Minister of Digitalization responsible for the railway, expressed doubts about the company’s presentation on Twitter/X. “The president of Newag contacted me,” he wrote in a post. “He claims that the company has fallen victim to cybercriminals. However, the analysis I have seen suggests otherwise.” The allegations have already had consequences for the company: the first rail providers have announced that they will file lawsuits. The share price has already fallen by over ten percent.

Sources: Bad Cyber, Railway Market, 404 Media, Mastodon, Twitter
