Polish Train Builder Denies Sabotaging PLC Code to Lock In Repair Services, Claims Being Hacked.

January 30, 2024

INCIDENT

After a rail maintenance service provider won a contract to maintain rolling stock manufactured by Newag, they soon discovered that the rolling stock would stop operating for no apparent reason. After hiring a third party consulting group, they discovered deliberate code in the firmware designed to "brick" or disable rolling stock if it had been maintained in certain locations or conditions not under the supervision of the original manufacturer.

Dieselgate? Newag denied this, suggesting they were the victim of a cyber attack. However, there is no evidence to back up that claim, and instead all evidence points to the vendor deliberately sabotaging their own firmware code in manufactured products to enforce vendor maintenance and repair lock-in and unfairly disadvantage their competition.

"We found that the PLC [programmable logic controller] code actually contained logic that would lock up the train with bogus error codes after some date, or if the train wasn't running for a given time," Bazański wrote. "One version of the controller actually contained GPS coordinates to contain the behavior to third-party workshops."

Incident Date

December 7, 2023

Location

Poland

Estimated Cost


No cost values disclosed.

Victims

No victims identified

Type of Malware

No Malware identified

Threat Source

No threat source identified