Polish Indie Repair Shops Had To Hire Hackers To Tackle Pointless, Train-Crippling DRM

from the fix-your-own-shit dept

One reason that “right to repair” reform has such broad, bipartisan public support is that there’s really no aspect of your daily life that isn’t touched by it. The effort to monopolize repair isn’t just the territory of Apple or game console makers like Sony and Microsoft. The problem is present in everything from the agricultural and medical gear sectors to transportation.

Everywhere you look you have companies attempting to drive independent repair shops out of business, in turn creating numerous headaches while they drive up costs for consumers. Then, whenever absolutely anybody proposes doing anything about their attempt to monopolize repair, these companies will complain critics are putting consumer security, privacy, or safety at risk. It’s clockwork.

The latest case in point: 404 Media noticed that over in Poland, one regional rail company and a train manufacturer named NEWAG have taken to using DRM to lock down trains that are repaired by independent technicians, in a bid to both monopolize repair and drive up its cost.

The intentionally broken trains disrupted rail travel, so independent technicians took to hiring a white hat hacking group dubbed Dragon Sector to bypass the DRM and get the trains running again:

“These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties,” Bazański, who goes by the handle q3k, posted on Mastodon. “After a certain update by NEWAG, the cabin controls would also display scary messages about copyright violations if the human machine interface detected a subset of conditions that should’ve engaged the lock but the train was still operational. The trains also had a GSM telemetry unit that was broadcasting lock conditions, and in some cases appeared to be able to lock the train remotely.”

Again, manufacturers aren’t doing this to genuinely protect hardware or customer security and safety (though executives may have convinced themselves of such). They’re doing it because they’re obsessed with control, and because they want a monopoly on repair.

And, as always, the folks trying to bypass the unnecessary, self-serving restrictions are framed by industry as radical rabble-rousers and a threat to public safety:

“Hacking IT systems is a violation of many legal provisions and a threat to railway traffic safety,” NEWAG added. “We do not know who interfered with the train control software, using what methods and what qualifications. We also notified the Office of Rail Transport about this so that it could decide to withdraw from service the sets subjected to the activities of unknown hackers.”

The problem for companies following this path is that the widespread, bipartisan support for right to repair reform is only growing. The more companies try to fight back, the bigger the opposition gets. That’s a major reason why companies like Apple and Microsoft have (at least publicly) begun softening their rhetoric and started focusing on controlling the contours of potential legislative reforms.

Companies: newag


Comments on “Polish Indie Repair Shops Had To Hire Hackers To Tackle Pointless, Train-Crippling DRM”

35 Comments
This comment has been deemed insightful by the community.
Ninja says:

There’s a more fundamental problem here that is the concept of property. The fact that companies feel comfortable messing with your property without your authorization and preventing you from using it as you see fit should be absolutely terrifying. Can you imagine the real estate you bought your house from arbitrarily deciding to lock your house because you didn’t call their repair crew to fix some pipe leak? Yeah.

This comment has been deemed insightful by the community.
That One Guy (profile) says:

Re: Goodbye ownership, hello renting framed as 'ownership'...

The fact that companies feel comfortable messing with your property without your authorization and preventing you from using it as you see fit should be absolutely terrifying.

Oh it’s even more messed up than that because in their minds they’re not, rather what they are doing is messing with their property that you’re merely paying them to use.

To companies like this the only purchase made is a license that allows the customer limited use of the company’s property, property that they still own in full despite advertising the transaction as a ‘sale’ and therefore can mess with as they wish.

Who Cares (profile) says:

Don’t forget the undocumented GSM modem hidden in a deliberately mislabeled electrical component through which at least some of the trains got an update to the “brick the train if it stands still for 14 days”-command to “brick the train if it stands still for 14 days in these geo-fenced areas”-command.

Newag even had the chutzpah to complain to Poland’s former minister of digital affairs (Janusz Cieszyński) that they had been attacked by cybercriminals. Janusz’s reaction boiled down to: “I actually understand this and the evidence suggests nothing of what you are claiming.”

Anonymous Coward says:

Re: Re: Re:

Simpletons have the stupidest solutions.

Why would anyone deploy a jammer for something they didn’t know existed?

And when they find out it exists, it’s easier just to disable it than deploy a jammer.

And deploying a jammer tends to piss your passengers off when their phones stop working every time they ride the train. Plus, it is illegal in Poland as in most other countries to jam telecommunications.

Anonymous Coward says:

Re: Re: Re:2

If you have the right jammer you can jam data but voice calls will still work

I know because 10 years ago I had a neighbor that would jam cellular data on his kids’ phones during dinner but voice calls still came through

When he jammed data to knock out Internet on his kids’ phones during dinner, he did not break any laws

The apartment manager at the time told me there was nothing she could do about it as long as he did not jam voice calls and was told I had to live with it.

Jamming data to keep your kids off the Internet during dinner does not break the law

Anonymous Coward says:

Re: Re: Re:3

If you have the right jammer you can jam data but voice calls will still work
I know because 10 years ago […]

Things have changed in the last 10 years: voice now runs over the data networks (“Voice over LTE” or VoLTE).

Your neighbor was almost certainly breaking laws (interfering with a licensed service outside their private property), and your country’s radio regulator would be the correct party to complain to. Landlords are not expected to know or enforce such laws.

Anonymous Coward says:

Re: Re: Re:4

I had homes in Australia and the US at the time, and it was at my apartment in California this happened

He broke no laws at either the state or federal level when he jammed his kids’ wireless Internet during dinner.

Jamming your kids’ phones during dinner does not break any laws in the United States

Anonymous Coward says:

Re: Re: Re:5

Parents have rights. As a parent, he was well within his rights to jam his kids’ cell phones during dinner.

As a parent, you have a right to keep your kids off their phones at dinner by any method, including jamming them.

What ever happened to parental authority in America?

He was exercising his parental authority.

Tanner Andrews (profile) says:

Re: Re: Re:6 there are limits

What ever happened to parental authority in America?

It is not permitted for you to spank someone else’s kids, absent their permission. Neither is it permitted for you to interfere with other people’s kids’ car phones.

A better approach might be to bar the use of phones during meal times, but with the rule applicable only at your table and leaving the neighbors to craft their own rules.

Anonymous Coward says:

Re: Re: Re:4

One form of jamming that I think is going on, that being abortion clinics in California jamming GPS and/or cellular data, is not illegal.

With some states wanting to prosecute women, who, say, travel to California for an abortion, I have no problem

While I am as pro-life as they come, I believe that as long as abortion remains legal in California, any woman from out of state who has the money should be able to get it.

There are two places where when I drive here in town, my cellular internet connection goes out, which also happen to be near abortion clinics.

By jamming cellular internet and/or GPS there is no Google location data that can be recorded or subpoenaed. There is no law in any state that makes it illegal to obfuscate evidence like that. And if a woman pays with cash, there is no bank trail. There is no law they can be prosecuted under the preventing evidence from being collected.

The clinics are protecting their customers, and businesses, and, therefore, have the right to deploy jammers to do that and do break any laws, even if people’s IHeart and YouTube music gets cut off to people who drive near there.

If my music cuts off, I just have to put up with that.

Anonymous Coward says:

Re: Re: Re:3

If you have the right jammer you can jam data but voice calls will still work

That’s not how cell-networks function unless it is a pre-2G network. 2G and later doesn’t separate voice and data because voice is sent as data using various compression-schemes.

Plus, it’s still illegal to use jammers in almost any part of the world and in the US it’s even a federal crime if I remember correctly.

Stupid ideas are stupid ideas regardless of your questionable motivation.

Anonymous Coward says:

The DMCA does not apply in Poland

Just like when the maker of one GPS app cracked Android Auto to allow their GPS app to work in Android Auto

Because they are in Slovenia they are not subject to prosecution in the United States.

They are only subject to Slovenian laws. American laws do not apply to Slovenian companies.

Anonymous Coward says:

Re: Re:

Not all countries have anti-circumvention laws like the USA

That is why, for example, when the government mandated “kill switch” comes into US sold cars in 2026, you could take the car to Mexico and have the car hacked to disable the kill switch and American laws would have no jurisdiction in Mexico.

A shop in Mexico cannot be prosecuted in the United States for what they do in Mexico, regardless of American law

That is why this GPS app maker in Slovenia cannot be prosecuted in the United States for cracking Android Auto to allow their app to be used in Android Auto.

It is a matter of circumventing Google’s restriction that only its mapping application can be used in Android Auto.

Circumventing that on their app does not violate Slovenian laws and then charge a roughly $15USD per month, at current exchange rates, for you to use it in Android Auto is not a crime in Slovenia, and they cannot be prosecuted in the United States because United States laws do not apply in Slovenia.

Tanner Andrews (profile) says:

Re: Re: Re:2 not at all sure, I would say

Manuel Noriega … who was the president of Nicaragua

How sure are you of that location? Old pineapple-nose may well have been dictator of an entirely different country than you think.

The country of which he was president was in effect a U.S. colony. It seemed worthwhile to the U.S. government to go ahead and grab him and punish him for insubordination, so they did. There may have been a few ugly aspects to the whole operation.

Anonymous Coward says:

Re: Re: Re:

Interpol would like to remind you that it will do the bidding of whoever applies pressure on them.

If the US hasn’t tried to bully other countries to do their bidding.

Kim Dotcom would also like to remind you that the US is so beholden to corporations that he got arrested for copyright infringement in the US… while living in New Zealand.

And it gets worse when you’re outside of the US. Mossad, China, the FSB…

Put it this way, when there’s a will, there’s a way. And sometimes, the “way” involves your death when Russia and Israel are involved.

Oh wait, there’s also the Gulf states. Poor Khashoggi…

Anonymous Coward says:

Re: Re: Re:2

Then their loved ones back home can obstruct prosecutors by breaking in to the US attorney’s office computer network and put it out of commission and cost them a big repair bill

Putting their computers out of commission can keep them from being able to prepare their case

If that happened to anyone in my family I would do that. I would do everything possible to obstruct prosecutors

I would love to see their faces when they found their network trashed and that they were going to face a big repair bill to get their computers fixed

Then you throw the computer you used to do that in the ocean so they cannot get any evidence

Anonymous Coward says:

Re: Re: Re:2

However, if a service is in a BRICS country, not so much.

These pirate IPTV services, with as many as 75,000 channels for insanely low prices, are now a dime a dozen and operated out of BRICS countries, who are not likely to be very cooperative to the United States.

BRICS is basically giving the middle finger to America right now.

That is why I use VPNs in BRICS countries, combined with Tor, when posting here, so I can never

I would not be surprised if the Feds are watching my posts, so I use VPNs in BRICS countries, with Tor on top of that.

The database backend on any website is vulnerable, the Feds could break into the MySQL backend here, get the metadata and Mike would never know the Feds were in his system because MySQL has no logging.

That One Guy (profile) says:

'If you would like your train to move again deposit five million in the following account...'

Even setting aside the highly questionable ability for the company to remotely brick a train if they detect that someone else has ‘tampered’ with it the fact that they included that as part of the software presents a glaring security vulnerability for others of less greed and more malicious intent to exploit, making their claims of concern for public safety all the more hypocritical.

NerdyCanuck says:

Re:

Totally, and now thanks to this whole rigmarole, everyone knows about the vulnerability in NEWAG trains!

It’s just a matter of time until others who own them are targeted. Stopping the trains from running hurts the economy instantly, whether it’s moving people, goods, or both. It’s the exact type of essential target ransomware hackers like to attack because they are likely to get paid ASAP (similar to hospitals, utilities, etc.), not to mention state-sponsored actors like Russia who might have other reasons to want to stop trains in Poland than money, like to do with Poland’s support for Ukrainian refugees etc.

It really is bonkers how short-sighted this type of activity is by these companies. They should be focusing on having the best repair shops for the best prices, so that everyone wants to use them, but instead they do stuff like this. I would say it’s just lazy, but it’s not, it requires extra work, like hiding components in the train, over-the-air updates, etc. So really it’s probably just greed.
