Security News > 2023 > December > Polish train maker denies claims its software bricked rolling stock maintained by competitor

Polish train maker denies claims its software bricked rolling stock maintained by competitor
2023-12-08 06:30

A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors.

Newag, a Polish train maker, emphatically denied that it installed such software in a statement issued Wednesday, attributing any issues to unknown hackers.

Jakub St?pniewicz, Sergiusz Baza?ski and Micha? Kowalczyk - members of Dragon Sector, a Polish security hacking team who go by the names q3k, mrtick, and redford respectively - were hired in May 2022 by Serwis Pojazdów Szynowych, an independent train maintenance firm, to look into problems with Newag Impuls 45WE trains.

SPS bid for and won a contract to maintain the trains, beating Newag, according to Polish industry publication Rynek Kolejowy.

According to Baza?ski, the trains locked up for no apparent reason after being serviced in third-party workshops.

"We found that the PLC code actually contained logic that would lock up the train with bogus error codes after some date, or if the train wasn't running for a given time," Baza?ski wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/08/polish_trains_geofenced_allegation/