My Social Portal's Friendica Social Network

Benjamin Geer

5 months ago • •

Benjamin Geer
5 months ago • •

Polish hackers figured out that a train manufacturer had programmed its trains to break down after certain dates, or if they were serviced at another company's workshop.

https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/

attn @jon @echo_pbreyer

#trains #RighttoRepairEurope #InfoSec #railway #Poland #Polska

Dieselgate, but for trains – some heavyweight hardware hacking

[this is an English translation of the original article in Polish, we occasionally publish the best cyber stories from Poland in English] A train manufactured by a Polish company suddenly broke down during maintenance. The experts

^BadCyber

in reply to Benjamin Geer

RustyBertrand

in reply to Benjamin Geer • 5 months ago • •

"Armaments, universal debt, and planned obsolescence—those are the three pillars of Western prosperity. If war, waste, and moneylenders were abolished, you'd collapse. And while you people are overconsuming the rest of the world sinks more and more deeply into chronic disaster."

-Aldous Huxley, Island

RustyBertrand reshared this.

in reply to Benjamin Geer

Texas Observer

in reply to Benjamin Geer • 5 months ago • •

Great investigative work by these hackers!

in reply to Benjamin Geer

Nicole Parsons

in reply to Benjamin Geer • 5 months ago • •

It'll be interesting to see if there's similar coding within Apple phones, Nissan cars and John Deere tractors.
https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/
https://www.vice.com/en/article/dy348q/every-new-car-is-a-privacy-nightmare-mozilla-researchers-conclude
https://www.entrepreneur.com/business-news/john-deere-remotely-disables-tractors-stolen-in-ukraine-by/427045
https://www.theverge.com/2023/1/9/23546323/john-deere-right-to-repair-tractors-agreement

It lends credence to why these corporations fought "right-to-repair" and privacy lawsuits so vehemently.

https://www.cbc.ca/radio/costofliving/right-to-repair-roblox-and-the-robots-ruining-christmas-1.6279888/apple-gives-users-the-right-to-repair-so-what-s-the-catch-1.6279988
https://www.theatlantic.com/technology/archive/2023/08/apple-right-to-repair-california-bill/675130/

Bricking a customer's items to force the purchase of a new model is built-in obsolescence on steroids

Every New Car Is a 'Privacy Nightmare,' Mozilla Researchers Conclude

Don’t buy a Nissan if you want your sexual activity to remain private.

^{Aaron Gordon (VICE)}

reshared this

in reply to Nicole Parsons

Jon Worth

in reply to Nicole Parsons • 5 months ago • •

@Npars01 These are not quite the same, in that those are semi-consumer products. This is a question of a B2B relationship gone very wrong, which is rather different.

(Don't get me wrong - what John Deere etc. do is also wrong, but not precisely the same) @benjamingeer @echo_pbreyer

@Nicole Parsons @Patrick Breyer @Benjamin Geer

in reply to Benjamin Geer

Jon Worth

in reply to Benjamin Geer • 5 months ago • •

I was waiting for a translation of this! Super, thanks!

in reply to Benjamin Geer

Kevin Karhan :verified:

in reply to Benjamin Geer • 5 months ago • •

I really hope this will have consequences by regulators like @EU_Commission and @BNetzA and @bsi because this is #Sabotage of #PublicInfrastructure with #Malware and should be treated as the #terrorism against #CriticalInfrastructure it is!

https://mstdn.social/@kkarhan/111528207495414359

Kevin Karhan :verified:

2023-12-05 14:09:52

Does any regulator know of this #Sabotage of #CriticalInfrastructure by the #Manufacturer?
I'm shure these trains ain't exclusive to to one country and regulators from @BNetzA and @kartellamt@social.bund.de to @EU_Commission will likely be very interested in such deliberate acts of #AntiCompetiton, #AntiRepair and basically attacks on #PublicTransport #infrastructure done by #NEWAG to fleece customers!
I mean, this is next-level assholeism and makes #JohnDeere and #Apple look like #RightToRepair fans.

#malware #terrorism #sabotage #criticalinfrastructure #PublicInfrastructure @BSI @European Commission @Bundesnetzagentur

in reply to Benjamin Geer

MasterEmit

in reply to Benjamin Geer • 5 months ago • •

Credits to
@redford @q3k @mrtick

@Michał Kowalczyk @q3k :blobcatcoffee: @mrtick

This entry was edited (5 months ago)

in reply to MasterEmit

Jon Worth

in reply to MasterEmit • 5 months ago • •

@masteremit Totally. I have been crediting @redford @q3k @mrtick all day

@MasterEmit @Michał Kowalczyk @q3k :blobcatcoffee: @mrtick

in reply to Benjamin Geer

malkavon (he/him)

in reply to Benjamin Geer • 5 months ago • •

this is a truly fascinating story of corporate malfeasance. Many thanks for sharing the translated account!

in reply to Benjamin Geer

Cymphoni Fantastique

in reply to Benjamin Geer • 5 months ago • •

are you serious? They're doing this for trains? We need to ban planned obsolescence. It's so unnecessarily wasteful, and it lowers the overall quality of our stuff. If they want to make cheaper stuff, they need to invest in r&d to make more cost effective materials and designs.

in reply to Cymphoni Fantastique

Jon Worth

in reply to Cymphoni Fantastique • 5 months ago • •

@Cymphoni_Fantastique The story is indeed dead serious, yes. Although I am a little reticent to call it planned obsolescence - the plan here was to basically make sure the mid-life maintenance of these trains was done by NEWAG and no one else. For me it's more akin to a kind of espionage than obsolescence (although had it not had been discovered, obsolescence would have been the result) @benjamingeer @echo_pbreyer

@Patrick Breyer @Cymphoni Fantastique @Benjamin Geer

in reply to Jon Worth

Pyperkub

in reply to Jon Worth • 5 months ago • •

uh, maybe double-check this. Per the article:

On another train, a code was found instructing it to ‘break down’ after a million kilometres.
Checking the date is hard

A rather funny situation was encountered on another train that refused to work on November 21, 2022, even though it was not in maintenance at the time. The computer reported that the compressor had failed, although the mechanics said that everything was fine with the compressor. Unfortunately, the train still did not raise the pantographs. Analysis of the computer code detected a condition forcing the failure, which sounded like this:

if the day is greater than or equal to 21 and
if the month is greater than or equal to 11 and
if the year is greater than or equal to 2021

then report a compressor failure. The situation was funny because the train had been scheduled for servicing in November 2021 (the year before the breakdown), but the condition did not work then by coincidence. The train went into maintenance a while earlier, and was not put back into service until January 2022 – and the sophisticated logic condition described above no longer met this date. Presumably, it was the software developer’s lack of skill in constructing IFs that made it necessary to wait until November 21, 2022 for the scheduled failure.

in reply to Pyperkub

Bela Lugosi's Dad

in reply to Pyperkub • 5 months ago • •

@pyperkub but earlier in the article it makes clear that 1 million kilometers is the standard period after which trains are serviced. The point of the code wasn't to make the train "obsolete", but to punish the company who won the service contract, making sure it wouldn't start up again for them.

@Pyperkub

in reply to Bela Lugosi's Dad

Ariaflame

in reply to Bela Lugosi's Dad • 5 months ago • •

@jimbob @pyperkub And to make sure that the manufacturers would be the only ones to service it when it broke down at its standard period.

@Bela Lugosi's Dad @Pyperkub

in reply to Benjamin Geer

crazyeddie

in reply to Benjamin Geer • 5 months ago • •

"Presumably, it was the software developer’s lack of skill in constructing IFs that made it necessary to wait until November 21, 2022 for the scheduled failure. "

Unethical AND incompetent.

in reply to Benjamin Geer

Mikal with a k

in reply to Benjamin Geer • 5 months ago • •

This would make a great movie! What a wild story.

in reply to Benjamin Geer

Kimen 🏳️‍⚧️

in reply to Benjamin Geer • 5 months ago • •

What happens if this planned obsolescence system malfunctions? It seems like you could end up with a bricked train at any time.

in reply to Benjamin Geer

Dirty Hippie

in reply to Benjamin Geer • 5 months ago • •

Newag should be sued mercilessly.

in reply to Benjamin Geer

Iain

in reply to Benjamin Geer • 5 months ago • •

Ooh, a new and shiny example of kaputtalism: trying to earn money by pretending things are broken!

But seriously, screw this company and prosecute the people responsible for this. Hard.

in reply to Benjamin Geer

Smitty

in reply to Benjamin Geer • 5 months ago • •

many instruments, controls and vehicles have been doing the same for years and years.

in reply to Benjamin Geer

MHowell

in reply to Benjamin Geer • 5 months ago • •

Makes you wonder in what industry the next revelation of deep #Enshittification will be revealed. Hopefully not #Aviation or #Space

#space #aviation #enshittification

in reply to Benjamin Geer

Pyperkub

in reply to Benjamin Geer • 5 months ago • •

Some amazing work there, and one company soon to be bankrupt, I'd wager...

in reply to Benjamin Geer

Iris H. Richardson - Int. ArtH

in reply to Benjamin Geer • 5 months ago • •

Impressive and something I always suspected manufacturers do.

in reply to Benjamin Geer

Soheb

in reply to Benjamin Geer • 5 months ago • •

i read this yesterday via hacker news. It’s absolutely shocking the level of “drm” that was on the train, but incredibly impressive how the polish hackers effectively decompiled the code. Made me appreciate how there is so much to learn in this software development industry!

⇧