q3k :blobcatcoffee:
I can finally reveal some research I've been involved with over the past year or so.
We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.
1/4
q3k :blobcatcoffee:
The key unlock was deleted in newer PLC software versions, but the lock logic remained.
After a certain update by NEWAG, the cabin controls would also display scary messages about copyright violations if the HMI detected a subset of conditions that should've engaged the lock but the train was still operational.
The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.
3/4
q3k :blobcatcoffee:
We found that the PLC code actually contained logic that would lock up the train with bogus error codes after some date, or if the train wasn't running for a given time. One version of the controller actually contained GPS coordinates to contain the behaviour to third party workshops.
It was also possible to unlock the trains by pressing a key combination in the cabin controls. None of this was documented.
2/4
q3k :blobcatcoffee:
@redford and @mrtick held an unrecorded talk a bout this at OhMyHack in Warsaw - I unfortunately couldn't make it because of Munich snow.
For now this is making the rounds in Polish-speaking sources, but we do have a talk scheduled about this at 37C3, in which we plan to do a deep dive into this and actually publish our findings.
@zaufanatrzeciastrona 's article about this: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/
GreenSkyOverMe (Monika)
@q3k O.M.G.
Aral Balkan
@q3k Malware as a Service.
Emmanuele Bassi
@q3k @redford @mrtick I bet the managers and engineers were all proud of this stuff
Pleroma-tan
A* Ulven :verified_blobcat:
@q3k @redford @mrtick @zaufanatrzeciastrona is anyone getting sued at least?
Because this is ridiculously anticompetitive behaviour.
Kevin Karhan :verified:
@q3k Does any regulator know of this #Sabotage of #CriticalInfrastructure by the #Manufacturer?
I'm shure these trains ain't exclusive to to one country and regulators from @BNetzA and @kartellamt@social.bund.de to @EU_Commission will likely be very interested in such deliberate acts of #AntiCompetiton, #AntiRepair and basically attacks on #PublicTransport #infrastructure done by #NEWAG to fleece customers!
I mean, this is next-level assholeism and makes #JohnDeere and #Apple look like #RightToRepair fans.
Sexy Moon
Kermode
@cstanhope
I did see this also on HN earlier today at work. Cool to see the actual ppl on fedi now though :-)
https://news.ycombinator.com/item?id=38530885
Iván Rivera
@mansr @q3k WOW. Just wow. This is, as Cory Doctorow @pluralistic would put it, the enshittification of trains. These are John Deere-level shenanigans.
Mans R
@q3k Might interest @brucknerite
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.