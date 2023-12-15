Three Polish white-hat hackers were hired to fix the software of trains that had been artificially blocked. This caused the trains to become completely unusable, which in the computer field is usually expressed as “bricking them” (for “brick”, bricks, leaving them useless as such).

According to the news revealed in 404, all evidence points to the fact that the manufacturer of the trains was the one who “bricked” them, although this company denies it. Not only that, he is now demanding that the repaired trains be removed from service because they have been “hacked” and therefore could be unsafe. They have not offered evidence in that sense either.

The case is reminiscent of others in which the right to repair seeks to counteract the application of DRM systems to all types of devices and products. We have a good reference in John Deere tractors, which for years have tried to prevent owners from being able to repair them themselves. Apple, which—like other manufacturers—made independent repairs increasingly difficult, ended up giving in (a little) to pressure from users and regulators.

The right to repair also applies to trains

In Ars Technica they give additional details of the event. The three developers (Jakub Stępniewicz, Sergiusz Bazański, and Michał Kowalczyk), members of the Dragon Sector group, were contacted in June 2022 by a Polish shop called Serwis Pojazdów Szynowych (SPS) that specializes in train repair and was desperate for find a solution to the problem.

The aim was to try to find out why several trains manufactured by Newag and operated by the Lower Silesian Railway line were showing “mysterious faults”. As indicated by the local media, Rynek Kolejowy, there was a growing problem for transporters and users due to the shortage of trains.

After two months analyzing the software, the hackers detected that “manufacturer interference” caused “forced failures and the trains could not start.” According to their conclusions, the trains were “bricked” as a consequence of “a deliberate action on the part of Newag.”

The hackers managed to solve the problem and even published a video on YouTube showing the trains being back in operation. Two of the members of the Dragon Sector group gave a talk about this achievement last week at the Oh My H@ck conference in Poland, and one of the team members also explained the event in a thread on his Mastodon account.

Meanwhile, the company that manufactures the trains, Newag, has ended up threatening to sue the hackers, a now classic strategy in this type of battles for the right to repair. In statements to Runek Kolejowy, those responsible for the company indicated that “our software is clean. We have not introduced, we do not introduce and we will not introduce into the software of our trains any solution that causes intentional failures. This is a slander of our competition, which “is running an illegal black PR campaign against us.” The company has also added that it has reported the situation to “authorized authorities.”

For its part, Dragon Sector has published a long statement (translation with Google Translate) in which they explain how they have developed their work and explaining what type of DRM systems were found during that evaluation of the original problem. The railway operator SPS has sided with the hackers.

