Polish hackers successfully bypass manufacturer's "bricking" of trains

Originally published at: Polish hackers successfully bypass manufacturer's "bricking" of trains - Boing Boing


Nice article! See also the hackers talk at the CCC conference yesterday: Breaking "DRM" in Polish trains - media.ccc.de

What got me was the seeming lack of version control. They analyzed 30 trains with ~21 firmware versions and the locks were so different. Some were idle time, some were for the motor, some were for the pantograph, some were GPS, some were odometer based, one had a possible hardware back door, some the user interface had a backdoor, etc. They had new versions of firmware because the previous lock was too restrictive. Somehow this wasn’t the safery critical parts of the system, but still just a mess.


My kid is a train nut, and this was his first experience with anything scummy involving trains. He wants to work in the industry and he now knows that Newag was “bad”.

Maybe in 30 years when he’s director of ops for a commuter line he won’t pick Newag trains. This is his stance now.


I give you ‘sleeping beauty’ modest… not desperandum

I think there were also, for networked parts, serial number checks to detect “unauthorized” part-swapping.

What a kludgy mess!


I feel like there are some legal details in this story that are missing. I find it hard to believe that Newag sold the cars to LSR without the knowledge of the type of hardware/software or who could do authorized repairs on the units. I’m not saying it’s right or wrong they put software locks in place, but usually customers have an idea of who can service their equipment. It feels like the purchasing side never informed the service side that repairs had to be carried out by Newag or someone they authorize.

1 Like

“not unlike sardines” I’m guessing was the phrase intended.


IANAL but I imagine that any such stipulation would be unlawful because it would be anti-competitive and incompatible with European Union law on public procurement.

Koleje Dolnośląskie, the operator, is a public company owned by the Lower Silesian provincial government. European Union law requires competitive tendering for all public procurement, and Koleje Dolnośląskie accordingly put the maintenance contract out to tender.

Newag put in a bid for the maintenance contact, but did not win.

The story probably begins a little earlier, but we will enter the scene in spring 2022, when the maintenance for the first of eleven Impuls 45WE trains (made by Polish company Newag) operated by the Lower Silesian Railways ends. The maintenance is carried out by an independent train maintenance company called Serwis Pojazdów Szynowych, hereafter referred to as SPS, SPS won the tender to carry out the mandatory maintenance of the trains after a distance of 1,000,000 kilometres. The train manufacturer, Newag, also competed in the tender to carry out the maintenance, but the manufacturer’s bid was about 750k USD higher and the tender was eventually won by SPS, which offered to carry out the maintenance of 11 trains for around 5.5 mln USD.

Newag’s business model is allegedly to sell trains cheaply and make up for it with profitable maintenance work.


Less tomato sauce was used in this case. :+1:

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.