Polish Manufacturer Accused Of Bricking Trains If A Competitor Maintains Them.

bashis mcw
Dec 22, 2023

An independent train maintenance company hired members of Dragon Sector, a Polish security team, to investigate a Newag Impuls 45WE train because it suddenly broke down during maintenance.

While reverse engineering the train computers, they found it to be a feature rather than a flaw.

"** ***** **** *** *** [************ logic **********] **** ******** ********* ***** that ***** **** ** *** ***** with ***** ***** ***** ***** **** date, ** ** *** ***** ****'* running *** * ***** ****,"

"*** ******* ** *** ********** ******** contained *** *********** ** ******* *** behavior ** *****-***** *********."

************, *** *********** ***** ** **** found * *** ** ****** *** trains **** ** ************ *** *********** in *** ***** ********.

*** ****** ***** *********** *** ****** ** * ********* [PDF, ******], *********** *** ****** ** ******* hackers.

"**** ** * ******* **** *** competition, ***** ** ********** ** ******* black ** ******** ******* **,".

*** *********** ********* ***** ******** ** the** ** *@** ********** ** ******, Poland.*************, ** *** **********, *** ********** ****** ******** ********** *** **** and ********* ** ** *** ****.

*** *********** *** ********* ******* **** detailed **** ** ******* ***** ************* ********** ******* ** ******** **-**, ****.

**** ****** ** ** ******** ** ******, ***** ************* ********* ******** ** restrict ********** *** **** ** ****** only.

********?

(1)
John Honovich
Dec 22, 2023
IPVM

****, ** ****, ** ******* ** a *******, ***** ** ** ******** new *****.

(3)
Alex Knapik
Dec 22, 2023
Arcules (Cloud VSaaS part of the Canon Group)

****** ******** - *** ***'* **** know ***'** ** * **** ***** it's *** ****

(2)
Undisclosed End User #1
Dec 23, 2023

*** ******* ** *** ***** ********* is *****; ***** ****** **** ********* over *+ ***** ***, ****** ***** time **** *** ******* ******* *** could **** **** **** ********** ** foreign ****** ** ******** *****'* ****** growth *********. ********** ********** ** *********** truly **** ********** *% ** ***** revenues.

**** *** ** ***** ** ** hard ** ***** *** *** ** since ********* ****** ** ****.

***** ******* **** ***** ********* *** checksums ** ***** ********* *** **** comparing ***** ******* *** **** ** delivery ** * ******** **** ****** routine ***********. *** **** **** ***** just ******* **** ********* *******, *** wouldn't ******* *** ***/***/***.

***** *********, **** **** ** *** involved.

(1)
Undisclosed End User #3
Dec 24, 2023

** ** ******** ****** ***** ***** the ****** ** *** **** **********; Newag.

***** ** ********** **** **** ** occasion ***** ************* ***** * "*******" of * ****, ***** ***** **** it ***** **** ** ** ********. The ******, **** **** ** * repair ***** *** *** ** ***** would **** ***** ** **** ***** too ****.

***** **** *** *** *** *** 1 ******* ** ********** *** ******* that ************.**** *** * *** ** ******** entailed **** * **** ****-**** ** the *****, ********** *** ********* *******/*********** of *** ***** ***** ***. ********* this ***** **** **** ** **** the ***** *****'* **** ** *** when *******, **** ***** **** ****** up. *** ***** **** ******* *** kill ****** *** **** **** ******** to ******* ** *** **** ***** trains, ***** ********** * ****** **** were ****, *** **** ******* ** move.

***** ** * ****** ****/***** ******** that **** ******* ** ** *** service ***, ********* ***** *** ***** (it ***** *******).

** *** *** **** ****** ****** are **** ***** *****, **** *** a ********* ***** ***** ** *** a ******** ***** ***** * ********, and **** **** ********** *** ** the ************** ********* *** ****.

** ********'* **** **** ** ********* the *********** ***** * ***** ***-********* on *** ****** **** *** *** listed ** *** *********, ******** **** other **** ********* ***** *** ****** could **** ** ******** ********.

** ***** *** * *** ** stand **, **** ***** **** ******* sued *** *** ****** ******.

(1)
Undisclosed Manufacturer #2
Dec 24, 2023

** *** ** * *** **** for ****** ***** ** *** ***** of ***** **** *** ***********, ***. You ***** **** ******* *** ******** of ** **-**** ***-***-***** ***** ** those ** **********.

bashis mcw
Dec 28, 2023

*********** *********** *** ***** ********************* ** *** **** ***** ************* Congress ** *******.

**** ********* *** **** ***** * debug ******** **** ** ********* ******* username *** ******** ** ******** *** firmware ***** **** *** ***** *** were **** ** ***** ******* ***********.

**** ****** ** *** *** ******* and ***** ****** *** ***** **** some **** **** *** ** * on ****** ******, ***** **** *** the ***** ******* ***** ******* *** bits ** *** **** ** *** working *****.

*** *********** ***** ** **** ************* that *** ******* ********* ** ** "emergency ****" ******.

*** ******* ******* ******* ** *** trains ** *** **** *** *** days ******* ****/* *** * *******. It *** **** ***** ** **** an ******** **** ********* ** **/** days, **** ***** **********.

*** *********** **** ***** ** ***** several ***********' ******* **********, ** ********* by *** *********** ***** ******* *********** translated **** ****.

*** ************ ******** *** **** ******** in *** ********** *** *** ***** to ** **** *** ********* ******** of *** ****** *************.

**** **** ***** ********** ****** *** serial ****** *******, ******** ********, *****, and **** ** ******* *** ****** by ************ * ********** *****.

** *** ******, **** ***** ** the **** **** *** ********** ***** break ** ******** **-** *** ******** 21-31.

****** *** ****** **** ** ************ key *********** ** *** ***** ********.

*** *********** ****** * ******* ** the ************'* *********.

*** **** *** ***********; *** *** see *** ***** **** ****.

(2)