December 8, 2023 at 01:39AM
Polish researchers allege that trains from manufacturer Newag carry software that causes them to fail if serviced by third parties; Newag denies this and blames hackers. Hired by an independent service firm, the researchers found code in the trains' programming logic that generates errors once certain conditions are met, suggesting intentional sabotage. Newag insists it is a targeted smear campaign. Cybersecurity agency CERT Poland became involved after the researchers went public at a conference, citing inaction over their findings.
**Meeting Takeaways:**
1. Allegations:
– A team of Polish security researchers from Dragon Sector (Jakub Stępniewicz – q3k, Sergiusz Bazański – mrtick, and Michał Kowalczyk – redford) claimed Newag SA trains have software designed to malfunction if serviced by third-party companies.
– Newag vehemently denies these claims, attributing the issues instead to unknown hackers and accusing competitors of illegal black PR.
2. Investigation:
– The researchers were employed by SPS, a maintenance firm that had issues with Newag’s Impuls 45WE trains after winning a maintenance contract over Newag.
– Difficulties arose after servicing because of software lockouts.
– Reverse engineering of the problem revealed what appeared to be intentionally triggered train-stopping faults in the PLC code.
– They also discovered an undocumented key combination that unlocks the trains.
3. Findings Disclosure:
– The team reported their findings to CERT Poland, which alerted the authorities over a year ago; with no action taken to date, the researchers decided to make their findings public.
– Their discoveries were shared at the Oh My H@ck conference and will be further detailed at the upcoming 37th Chaos Communication Congress in Hamburg, Germany.
– Note: The talk at Oh My H@ck was not recorded but has been documented by infosec writer BadCyber.
4. Official Response:
– Poland’s former minister of digital affairs, Janusz Cieszyński, relayed on social media that Newag’s president claimed the company was targeted by cyber criminals. However, Cieszyński’s own analysis contradicts this claim.
**Action Items:**
– Monitor developments related to the accusations against Newag and any legal or regulatory actions taken.
– Await the detailed presentation by the researchers at the 37th Chaos Communication Congress for further insights on the issue.
– Stay updated on any responses from Newag and Polish authorities concerning these allegations.