In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.

After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.

    • Lev_Astov@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      1
      ·
      11 months ago

      Yeah, especially in the EU where apparently their laws regarding circumventing DRM might make the people who fixed this the bad guys instead of this comically evil manufacturer who put GPS kill switches on public passenger trains.

    • FlashMobOfOne@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      118
      ·
      11 months ago

      right below war correspondents

      Eh, they should report war on the same page as the weather if you ask me.

  • BloodSlut@lemmy.world
    link
    fedilink
    English
    arrow-up
    241
    arrow-down
    1
    ·
    11 months ago

    “We didn’t add a kill switch to our trains to force the use of our maintenance service, but fuck the hackers that removed the kill switch we didn’t implement, and the trains that were hacked and don’t have the kill switch we didn’t add should be removed from service.”

    • Hamartiogonic@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      11 months ago

      Trump and the whole Brexit circus have set a very high bar, but somehow someone still manages to produce quality comedy.

  • Syo@kbin.social
    link
    fedilink
    arrow-up
    74
    ·
    11 months ago

    Steam engine breaks, you can fix it.

    Steam engine with digital circuit breaks, you’re a hacker, a pirate. DRM was a mistake.

    • Player2@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      45
      arrow-down
      1
      ·
      11 months ago

      But how else could companies make more money off of something you already paid for? Will someone think of the shareholders‽

    • Aceticon@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      11 months ago

      If you’re allowed to do any maintenance you want on the physical components of something you own, then you should be allowed to do any maintenance you want on the software components of something you own.

      It’s not hacking (in the sense of “unauthorized intrusion”) if you own it or have authorization to do it from the owner of it.

    • damirK@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      3
      ·
      11 months ago

      Sadly they will probably win this as well. Some claim there could safety concerns and it isn’t certified or could damage their brand… time for people’s manufacturing of products? Hehe

      • Aceticon@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        11 months ago

        This is an EU country, not the US.

        Things like the DMCA provisions forbidding working around IP protection mechanisms (and software is copyrighted) don’t apply here.

        IANAL (so take this it with a pinch), unless the trains are legally theirs rather than the train company’s, it’s not hacking, it’s just “software maintenance” and the only right this company has here is to withdraw product warranties because of “unauthorized changes”.

        There might or not be a case against the train company (for example, if the contract forbade this or the train company tried to sell those trains onwards as if they were original) but not against the people who did the software changes on the trains when authorized by the owners of said trains.

        • damirK@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          I assume EU has safety regulations and if a train suddenly loses its brakes they would be liable wouldn’t they? Now they can say someone has “hacked the train” and they can’t guarantee the brakes will work. I am not sure where the USA argument came from

          • Aceticon@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            11 months ago

            The responsability of circulating with a vehicle that abides by safety regulations is of the owners, not the makers.

            You’ll notice that even in the consumer auto segment (which, since run-of-the-mill consumers are not expected to be “experts”, has lots of of ways to make sure that brand new cars are sold already pre-certified “road-worthy” because normal consumers don’t have the know-how to make sure of it themselves), the actual car owners still have the responsability of having a periodic inspection done to the car and repair those things that stop it from being road-worthy and they cannot circulate with it in a public road if it’s not compliant (at least that is the case in Europe).

            Outside the consumer segment, I expect that the rules for trains are pretty similar to those for commercial aviation: the manufacturer has no responsability beyond a contractual one (i.e. the purchasing entity probably demands contractually that the vehicles they get comply with regulations, the parts they buy obbey certain specifications and maintenance done by a manufacturer-certified shop delivers a compliant vehicle) and all the regulatory responsability is in the hands of the owner (more specifically the “operator”, as for example for leased planes the airline doesn’t actually own them but they do operate them hence they’re the ones with regulatory responsabilities).

            The USA argument comes from the anti-circunvention legislation for software being part of the DMCA law, said legislation giving rights to the makers of the software to stop changes to it even in devices they do not own. Where such legislation does not apply there is no law forbidding somebody doing whatever changes they want to software as long as they own the device containing said software or have the authorization of the owner of the device whose software they are changing - the only applicable legislation here is Copyright and that only limits the distribution of the software, not the changing of it.

            It’s not at all unusual for Americans to argue that people can’t legally circumvent software protections even in devices they own, because that is indeed the case in their country thanks to the DMCA, but expecting that to be the case in Poland doesn’t make sense as the laws there are not at all the same as in the US.

            • damirK@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              That’s a whole lot of energy spent based on completely incorrect assumptions about me or what I was saying so your argument can work. But sure whatever makes you feel like you are right.

              • Aceticon@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                11 months ago

                That’s a very weird take.

                You don’t know me and went all weirdly personal full of assumptions about me and without making an actual argument.

                Whatever is going on there, it’s all in your head.

  • WashedOver@lemmy.ca
    link
    fedilink
    English
    arrow-up
    68
    ·
    11 months ago

    I wonder if they were taking notes from John Deere and the automotive industry or will it be the reverse here soon?

    Just imagine all these vehicles that could be bricked for not going back to the stealerships for outrageous prices on parts and incompetent service.

    Also the vehicles that could be disabled for not paying for device protection plan that allows your vehicle to operate safely. It would be a shame if your vehicle stopped working on your way to work or the hospital.

    I suspect Tesla, BMW, and John Deere are the closest to this reality.

    I sure hope the government doesn’t help with another great cash for clunkers national program to get rid of more cars too old for these measures. Sure is a great way to drive new car sales though…

    • Maggoty@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      ·
      11 months ago

      Oh don’t count GM and a Ford out of it. They’re already kicking android auto and Apple car to the curb so they can control more stuff and get access to more data. The savvier they get the closer that comes to reality.

      Of course, by the end of our lives you won’t own a car at all. You’ll subscribe to a car company that will act like a hybrid ride share and rental program. Commutes will be on a rideshare basis and you’ll be able to rent a car for a weekend road trip.

      • WashedOver@lemmy.ca
        link
        fedilink
        English
        arrow-up
        13
        ·
        edit-2
        11 months ago

        I just heard about GM this morning in my tech news. I didn’t realize that about Ford too.

        I’ve drawn a line in the sand with my vehicles at about 2011 for tech. I love tech and I love cars but just not into the current versions of everything being touch screen controls.

        Give me knobs for climate controls, gear shifters, and gauges for the rest. They don’t need all of these computer systems that fail or become outdated as soon as they are released like the manufacturer’s nav systems. We also don’t need them to stop working completely because a sensor failed and can only be replaced by the dealer.

        My phone in a holder can be the smartest part of the car for me thanks.

        • BearOfaTime@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          11 months ago

          Stop reading my mind.

          You can pry my older cars from my cold, dead, hand.

          • WashedOver@lemmy.ca
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            11 months ago

            I’m glad to hear that. Often I’ve driven rental cars and *last time I struggled to find the gear shifter which was replaced by buttons on the dash.

            I’ve also seen just a video of a Tesla only new driver struggle to drive a ICE car because it had a gear shifter and didn’t automatically brake. I’m feeling like a dinosaur now…

    • Hamartiogonic@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      6
      ·
      11 months ago

      If the manufacturer can stop your trains, then obviously anyone with the necessary hacking skills can do it too. Certain governments might be very interested in tampering with the logistics of another country.

  • roguetrick@kbin.social
    link
    fedilink
    arrow-up
    64
    ·
    edit-2
    11 months ago

    SPS became desperate and Googled “Polish hackers” and came across a group called Dragon Sector, a reverse-engineering team made up of white hat hackers.

    Hilarious. I hope 404 continues with this level of high quality journalism.

    Dragon sector, who they hired, is a security capture the flag team.

    https://dragonsector.pl/

    Edit: Socials of those who worked on it

    https://social.hackerspace.pl/@q3k
    https://infosec.exchange/@mrtick
    https://infosec.exchange/@redford

  • yamanii@lemmy.world
    link
    fedilink
    English
    arrow-up
    56
    ·
    11 months ago

    The anti-circumvention clause is being abused for some years now, it’s disgusting.

    • Aceticon@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      So which anti-circumvention clause do you mean?

      Remember, US law doesn’t apply in Europe and as much as I know there is nothing like that in the EU.

    • SCB@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      11 months ago

      Thank you! Came here to ask if anyone had one source with the whole story. This keeps trickling out as it evolves.

      Edit: this story is considerably weirder than I expected, and I was already expecting some weird shit.

      Begs the question: How is any of this legal?

      • Ruscal@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        5
        ·
        11 months ago

        I would assume it is not, UE has some strict rules about fair competition, but the problem is to prove that in the court. Newag is arguing that the hacked and reverse engineered code is not the code they have. Probably in the meantime they run the cleaning protocol in the company…
        But company’s public image will hopefully suffer from the story, maybe at least they loose in eyes of potential buyers.

    • Lemminary@lemmy.world
      link
      fedilink
      English
      arrow-up
      31
      arrow-down
      1
      ·
      11 months ago

      And American Weight (?) digital scales. The ones that brick themselves after 2,000 uses because how dare you only pay once.

    • DuckOverload@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      arrow-down
      1
      ·
      11 months ago

      I think this is pretty cool. Sure, capitalists are gonna capitalist, but here we have subversive moves in a positive direction.

      • EdibleFriend@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        11 months ago

        Oh yeah what the people did to get around this is fucking awesome I do love that side of this story don’t get me wrong.

  • RememberTheApollo_@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    11 months ago

    If they required the trains to be serviced by manufacturer they should have written it into a mandatory service contract at time of sales.

  • btr_fan87@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    11 months ago

    Artificially bricked?! Who the hell keeps giving Viagra to trains? Evil bastards.