Skip Navigation

Polish Trains were equipped with automatic killswitch by manufacturer Newag

social.hackerspace.pl q3k :blobcatcoffee: (@q3k@hackerspace.pl)

Attached: 1 image I can finally reveal some research I've been involved with over the past year or so. We (@redford@infosec.exchange, @mrtick@infosec.exchange and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced a...

q3k :blobcatcoffee: (@q3k@hackerspace.pl)

A polish hacker found out why trains did stop working. The manufacterer implemented a hidden electronic switch, which automatically activated after trains were serviced by a different company.

You're viewing a single thread.

45 comments
  • The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.

    So, it sounds like this remote lock is speculation, so I'm not gonna say that this is actually the case here, and I don't know how trustworthy the source here is.

    But, speaking in general: an additional problem with sticking back doors in products is that someone else may discover them and exploit them, and the uses to which they may put them may be considerably less-pleasant than whatever the purpose that the manufacturer had in sticking them in.

    Just earlier this year, we had articles about this incident with Polish trains. That wasn't a back door in that it wasn't particularly hidden, but it was a way to do remote radio control of Polish trains, and sure enough, when someone who wanted to create trouble with it discovered it, it got used to cause problems for Polish train operators.

    https://www.wired.com/story/poland-train-radio-stop-attack/

    The Cheap Radio Hack That Disrupted Poland’s Railway System

    The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

45 comments