Uhhoh!
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
HaraldvonBlauzahn@feddit.org to Free and Open Source Software@beehaw.org · 21 hours ago

Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks

www.ifixit.com

external-link
message-square
12
link
fedilink
  • cross-posted to:
  • right2repair@discuss.tchncs.de
  • europe@feddit.org
  • latestagecapitalism@lemmygrad.ml
  • lobsters@lemmy.bestiver.se
  • technology@lemmy.world
157
external-link

Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks

www.ifixit.com

HaraldvonBlauzahn@feddit.org to Free and Open Source Software@beehaw.org · 21 hours ago
message-square
12
link
fedilink
  • cross-posted to:
  • right2repair@discuss.tchncs.de
  • europe@feddit.org
  • latestagecapitalism@lemmygrad.ml
  • lobsters@lemmy.bestiver.se
  • technology@lemmy.world
Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks
www.ifixit.com
external-link
Newag, maker of Polish trains, is suing ethical hackers who exposed its anti-repair software, threatening independent repair and consumer rights.
alert-triangle
You must log in or # to comment.
  • Gaywallet (they/it)@beehaw.orgM
    link
    fedilink
    arrow-up
    6
    ·
    10 hours ago

    FYI this was already posted to technology, here.

  • Chahk@beehaw.org
    link
    fedilink
    arrow-up
    14
    ·
    15 hours ago

    “You wouldn’t download a train!”

  • 0xtero@beehaw.org
    link
    fedilink
    arrow-up
    32
    ·
    20 hours ago

    The EU should slap the living daylights out of this company

  • Otter@lemmy.ca
    link
    fedilink
    English
    arrow-up
    47
    ·
    21 hours ago

    In one of the most popular presentations at 37C3, the three hackers uncovered something monstrous: Newag trains went into hibernation using a sophisticated game of hide-and-seek if they were parked for too long within the geocoordinates of competitors‘ or customers’ workshops or were left in conditions that indicated they underwent an unregistered repair. Only by calling in a Newag technician could such deactivated trains be ‘rescued’. All of this was uncovered without the potentially illegal replacement of train components which would require certifications.

    What.

    Streisand Effect in 3, 2, 1…

    • Muehe@lemmy.ml
      link
      fedilink
      arrow-up
      15
      ·
      14 hours ago
      • Breaking “DRM” in Polish trains – Reverse engineering a train to analyze a suspicious malfunction (2023)
      • We’ve not been trained for this: life after the Newag DRM disclosure (2024)
  • orsetto@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    14
    ·
    17 hours ago

    The best part of that presentation was code thst looked like the this

    if (day > 15 && month > 11 && year > 2010) {
        // Yes the date is random i don't remember the real one
    }
    
    • Powderhorn@beehaw.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 hours ago

      That’s going to spit out a very weird dataset. There may be edge cases where data for the back half of December from 2011 forward would be useful, but I can’t think of one.

      • orsetto@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        ·
        10 hours ago

        Forgot to clarify, that was reverse engeneered code from the train firmware (i don’t remember what it was trying to do)

  • HaraldvonBlauzahn@feddit.orgOP
    link
    fedilink
    arrow-up
    38
    ·
    edit-2
    21 hours ago

    Statement and more informations from the German CCC alias Chaos Computer Club, a civil rights organization of software tweakers and computer experts:

    https://www.ccc.de/en/updates/2024/das-ist-vollig-entgleist

    By the way: The train manufacturer company is suing the people who exposed this, and CCC is collecting donations for their legal support - details on the page linked above.

    • LeFrog@discuss.tchncs.de
      link
      fedilink
      arrow-up
      8
      ·
      17 hours ago

      The “defence” of Newag is wild: they claimed that the repair company (SPS) installed these malicious parts of the software. Why would SPS would do that and lose the repair contract back to Newag? That’s just a cartoonishly dumb claim

  • HaraldvonBlauzahn@feddit.orgOP
    link
    fedilink
    arrow-up
    36
    ·
    21 hours ago

    It is not only trains. In Germany, some hearing aid manufacturers are now adding codes that allow repairs to be done only by a specific shop. Since the device is paid and owned by the wearer, this should be illegal.

  • Björn Tantau@swg-empire.de
    link
    fedilink
    arrow-up
    7
    ·
    16 hours ago

Free and Open Source Software@beehaw.org

foss@beehaw.org

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !foss@beehaw.org

If it’s free and open source and it’s also software, it can be discussed here. Subcommunity of Technology.


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 217 users / day
  • 328 users / week
  • 766 users / month
  • 2.91K users / 6 months
  • 2 local subscribers
  • 19.8K subscribers
  • 248 Posts
  • 4.24K Comments
  • Modlog
  • mods:
  • Gaywallet (they/it)@beehaw.org
  • alyaza [they/she]@beehaw.org
  • BE: 0.19.12
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org