Polish hackers successfully bypass manufacturer's "bricking" of trains

Polish commuter train company Lower Silesian Railway (LSR), which operates out of Wrocław, sent their trains to Serwis Pojazdów Szynowych (SPS) for fixing and general repair. SPS had a problem, though. Trains that they had taken in for regular maintenance and repairs weren't working. Mechanical inspections revealed nothing wrong internally. Time passed but mysterious errors continued, rendering the trains inoperable to the point where LSR was short. The company was forced to rearrange their timetables and run fewer cars, packing in customers not unlike sardines. Out of desperation, SPS sought help from hackers, who figured out that Newag, the company that manufactured the trains, had software in place that put locks on the carriages if they were serviced by third party mechanics or if the cars remained stationary for too long.

There was absolutely nothing wrong with the trains, Dragon Sector successfully bypassed the bricking, and the good people of Wrocław were once again permitted to commute without being compared to tinned fish.

We leave it to the readers and customers of this company to assess the solutions used by the manufacturer. Interestingly, although there is litigation in the case, it is hard to find an institution in Poland that has done anything beyond kindly expressing interest in the matter. We are not aware of any action taken either by the Office of Consumer and Competition Protection or by the Railway Transport Office, which would seem to be competent to eliminate from the market practices that are damaging to local government organisations that are incurring considerable losses and to passengers who are forced to travel in crowds or use substitute transport for months. The only institution that has taken action that we are aware of is CERT Polska, notified of the discovery by the researchers. From the comment we received, it appears that CERT Polska has notified the "relevant authorities" and the case is being handled by law enforcement agencies.