jseutter | 2 years ago

The truth is almost stranger than fiction. They are members of a group called Dragon Sector and were brought in by the train operator after 6 of their 12 largest trains became unresponsive after having inspections done at a rail yard owned by not-the-manufacturer of the trains. The manufacturer said the trains became unresponsive because of malpractice at the train repair shop and mentioned some condition that didn't appear to be in the maintenance manual. The train operator made contact with Dragon Sector and asked for their help.

It's a wild read: https://zaufanatrzeciastrona.pl/post/o-trzech-takich-co-zhak...

It appears to be malicious code included by the manufacturer to prevent third-party repair that at one point included geolocation for triggering. Given that the train operator had to reduce train schedules for this, which impacted service and income, it might end up as evidence in a lawsuit against the manufacturer at some point.

vidarh|2 years ago

I would love to know if the checks were as brazen as presented in that post, or if the coordinate checks were obfuscated in some way. It sounds like they just assumed the operator would fold long before even getting at the code and couldn't even be bothered trying to make it look accidental.

q3k|2 years ago

The main obfuscation was the way IEC 61131-3 constructs get first compiled to C and then to assembly.

There's a lot of indirection and zero strings in the resulting code, meaning it's very difficult to actually find whatever logic you're looking for. But once you see it, it is obvious and seems like it was built like any other logic.

plagiarist|2 years ago

> if the day is greater than or equal to 21st and

> if the month is greater than or equal to 11 and

> if the year is greater than or equal to 2021

> then report a compressor failure.

> [...] It was probably the software author's inability to construct IFs that made it necessary to wait until November 21, 2022 for the planned failure.

Oops!

sdflhasjd|2 years ago

And it magically starts working again on the 1st December.

Pet_Ant|2 years ago

Well the error message claims that they are infringing copyright. It very well could be that they are within their rights if the initial license/contract stipulated that they would only service the trains in their authorised locations. This should be illegal, but very well might be.

xeeeeeeeeeeenu|2 years ago

Excerpt from an Onet article[1] about this:

> Until a few years ago, rolling stock manufacturers such as Newag from Nowy Sącz and PESA from Bydgoszcz were able to dominate the maintenance market. It was mainly them who entered tenders for compulsory maintenance of their vehicles, because other companies knew they were at a disadvantage. At the time, the dominant narrative of the manufacturers was that the "Maintenance System Documentation," a kind of manual for a given vehicle, was the manufacturer's secret, its intellectual property, and under no circumstances could this be passed on to other service companies. This led to a situation in which railroad companies across the country were forced to use the manufacturer's expensive service. And the latter, having a monopoly on repairing its trains, dictated outlandish prices, even tens of percent higher than another company would have given, the rail safety expert points out.

> Our source adds that later, thanks to the European Union Agency for Railways, the interpretation of regulations changed, allowing other companies access to service trains. This led to the opening of the market to other companies in the industry.

[1] - https://wiadomosci.onet.pl/kraj/awarie-pociagow-newagu-haker...

p_l|2 years ago

They didn't win the contract for servicing, and the law required opening up service in the first place.

planede|2 years ago

How would copyright be in-scope at all? At worst this infringes the EULA.

ysofunny|2 years ago

The most poetic part is how the train maker is merely looking out for their own profit margins.....

Economic theory(?) would suggest that if they don't do this, their competition eats their lunch and drives them out of business.

Heck, Volkswagen did something much shadier to get their vehicles' emissions to comply.

cryptonector|2 years ago

This is much shadier than what VW did. VW was working around unrealistic emissions standards -- illegal, sure, but they didn't cause big ticket items to stop working. The train manufacturer here appears to have done something much worse.