Skip Navigation

Train manufacturer intentionally bricks trains serviced by independent service providers

social.hackerspace.pl q3k :blobcatcoffee: (@q3k@hackerspace.pl)

Attached: 1 image I can finally reveal some research I've been involved with over the past year or so. We (@redford@infosec.exchange, @mrtick@infosec.exchange and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced a...

q3k :blobcatcoffee: (@q3k@hackerspace.pl)

Polish train manufacturer that lost servicing tender programmed train controller to brick itself after train stays for some time in 6 ISP facilities or in 1 their faculity(for testing?) until undocumented button combination is pressed. Some controller versions brick itself after train is idle for 10 days. After news about this became public, manufacturer removed ability to unlock train by button combination.

Also manufacturer is able to remotely brick train over internet(connected via GSM) at any time.

Full versions: Polish(original), Russian

18

You're viewing a single thread.