Polish train maker denies claims its software bricked rolling stock maintained by competitor

A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors.


Newag, a Polish train maker, emphatically denied that it installed such software in a statement [PDF, Polish] issued Wednesday, attributing any issues to unknown hackers.


The rolling stock and engineering business insists its software is correct and that it did not design the trains' programming logic to fail under specific conditions, as has been claimed. "This is a slander from our competition, which is conducting an illegal black PR campaign against us," it protested.

Jakub Stępniewicz, Sergiusz Bazański and Michał Kowalczyk – members of Dragon Sector, a Polish security hacking team who go by the names q3k, mrtick, and redford respectively – were hired in May 2022 by Serwis Pojazdów Szynowych (SPS), an independent train maintenance firm, to look into problems with Newag Impuls 45WE trains.

SPS bid for and won a contract to maintain the trains, beating Newag, according to Polish industry publication Rynek Kolejowy.


SPS then encountered difficulties servicing the rolling stock following a software lockout. According to Bazański (q3k), the trains locked up for no apparent reason after being serviced in third-party workshops. He wrote in a thread on Mastodon that the manufacturer, Newag, argued that these third-party repair shops were deficient and that the manufacturer should be servicing its own trains.

The sec ..
