If the right-to-repair movement has a famous story, it’s the familiar green and yellow John Deere tractor. Farmers and mechanics have done their own repairs as long as there have been tractors, but more recent Deeres have been locked down such that only Deere-authorised agents can fix them. It’s a trend that has hurt the value of a second-hand Deere, but despite that it appears to be spreading within the machinery world. Now there’s a parallel on Polish railways, as Polish-made Newag electric passenger trains have been found to give errors when serviced by non-Newag workshops.
At the heart of the problem are the PLCs which control all aspects of a modern rail traction system, and which, thanks to a trio of Poland- and Germany-based researchers, have been found to play a range of nasty tricks. They’ll return bogus error codes after a set date (which would presumably be reset by the official service), if the train has been laid up for a while, or even if it is detected via GPS to have visited a third-party workshop. The researchers’ work will be the subject of a talk at 37C3, which should be worth watching out for.
It will be especially interesting to juxtapose the reaction to this revelation with cases such as the Deere tractors, because of course Poland is part of the European Union. We’re not specialist EU competition lawyers, but we know enough to know that the EU takes a dim view of these types of practices and has been strong on the right to repair. Who knows, Polish trains may contribute further to the rights of all Europeans.
Ja, we need to kill the mental concept in these organisations that doing such nasty tricks is in any way acceptable.
Thinking of the insane profits they will make from such shenanigans is probably why they have the XD emoticon painted on the train.
B^)
Very clever title Jenny!
Deere Disease
Not mentioned in the article: remotely disabling the trains via cell network a la Deere. The rationale of this feature is generally so that stolen machines can be disabled by the manufacturer (like the time a dealership of Deere machines in Ukraine was disabled, covered on Hackaday earlier).
I’m not privy to the railway market, but uh… is stealing trains a thing? It’s not like you can go anywhere you want. Why would they need that functionality?
Perhaps for scenarios where getting away isn’t the point. Such as using a train to intentionally cause disaster.
GeneralFault, you missed that _Why would they need that functionality?_ was a rhetorical question.
It was only one train with this kind of “feature”. I would guess it was actually for remote diagnostics?!
Stealing trains is not much of a thing but one company losing a big juicy contract and the trains transferring to a competitor’s maintenance yards definitely is.
The English translation of the article is at https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
sweet thanks
Please stop spreading the misinformation! Humanitarian and military convoys are not affected there.
I’m looking forward to that talk :-O
Great work bench photo in the article – wrenches, weird screwdrivers, Linux machine, scope…
The much bigger (and unusually well hushed) issue is heat pumps. Soon we will all have them and go ahead, try to fix it. No R410A for you unless you’re a certified HVAC technician.
That’s how it is in the UK right now, and likely other places.
DIYers not being able to do HVAC work isn’t a problem as long as you can go to any HVAC guy and get them to work on it rather than needing to go through the manufacturer or their authorized guys.
I assume you’re against refrigerators, freezers, and air conditioners too then?
This is a result of the “Montréal Protocol “
That really isn’t the problem at all – if you want to get the certification you can.
And then anybody at all who has it can work on any device – in the same way you don’t want an old idiot with only half the right tools fiddling with mains gas or electric supplies as there are unacceptable costs to doing it wrong. But as anybody certified can get what they need it then means you are not locked into the 5000x markup the company that made the system decides it’s going to force you to pay as nobody else can make it work again, and there is no deliberate sabotaging of its function to force you to pay them that servicing fee every year.
Not sure that’s a huge problem as there’s lots of HVAC engineers out there to choose from & compete with each other – same with registered gas fitters, there’s a reason they don’t want unqualified people working on the gas supply. Modern refrigerants are often just as flammable.
EPA 608 in the US is pretty easy to get.
R410a is quickly being replaced with R32 in new heat pumps. R32 works better at lower outdoor temperatures, and is completely unrestricted for anyone to buy and use. You only need to take some precautions with sparks and soldering since it is quite similar to propane.
I wonder what EBA (Eisenbahn-Bundesamt in Germany) would say about toying around with such features.
I mean, making error-free software is difficult enough. Adding unnecessary features is another thing. Adding unnecessary features that interfere with operation? I think: order to take out of service incoming in 3-2-1-now.
Talent 2
On the up side,… Russia and China might sell you cheap trains.
Another reason why we need public code wherever public money goes.
It is a lie. All humanitarian and military transports are passed through.
Polish truckers are restricted by many EU regulations but Ukrainian ones are not, so they cannot equally compete on a free market. Let’s treat all trucking companies equally and there won’t be any issues.
Innocent question.
As it was first presented here (US) in what I read, Ukraine grain sales in the EU were undercutting EU markets (farmers), then there seemed to be a deal to allow Ukraine trucks to go to ports for only export. Did it not turn out that way (export only)? Or did exporting from EU ports also cause competition issues? I have not seen an explanation.
It’s not just the grain, far as I can tell with so much disruption and economic shutdown in Ukraine their truckers have been much cheaper than the locals as well as available in vast numbers – may also be doing many deliveries into Ukraine from the EU, but with less economic activity inside and large chunks still in Russian hands there are lots of them that will be headed right back to the EU for more ‘local’ work as they are not needed at home.
And the bureaucratic mess that is the EU doesn’t help, it is just far too slow to react to the obvious problems when something like this comes up, which then creates so much more tension and upset than really required. It is readily apparent the Poles have bent over backwards to support their neighbour, to a degree that frankly embarrasses most of the EU member states, and on the whole the entire population is behind helping Ukraine survive. At least until all the unintended consequences of how Ukraine has been largely let into the EU past all the red tape while not really being in the EU start to prevent some individuals from surviving themselves… Still have to respect just how far they and really all the Baltic states have gone and hope a good compromise can be found soon – perhaps one that puts a bit more of this economic stress on the rest of the EU.
Thanks! hadn’t considered that aspect. Today finally saw something about permits etc.
There was a rumor that exporting from EU ports wouldn’t be competitive, so this never made sense. Grain import was blocked because of the quality issue.
>Poland and Germany based researchers
Poles, researchers from Polish security Capture The Flag team https://dragonsector.pl. Hackaday readers might remember q3k and Redford from 2015 coverage https://hackaday.com/2015/05/01/hacklet-45-reverse-engineering-projects/ of their successful effort to break Toshiba password mechanism hidden inside EC/KBC (Renesas M16C) https://hackaday.io/project/723-reverse-engineering-toshiba-r100-bios https://q3k.org/slides-recon-2018.pdf
Stealing writeup from HackerNews by drra:
“So these trains are exclusively used in Poland by quite a big number of regional train companies. There are 5 servicing levels starting from P1 up to most complex P5. It used to be that only these major companies would do P3+ but since a few years tenders were won by several smaller competitors at much lower prices all thanks to European Union Agency For Railways that opened that market.
It started with 4 trains that were serviced by SPS Mieczkowski and just wouldn’t start. The company was forced to pay €0.5m in penalties and trains were sent back to Newag. At the same time several other trains from different companies that didn’t even get to service but spent a bit too much time in one place became immobilized. This all led to SPS Mieczkowski hiring Dragon Sector to investigate and they found several separate routines to disable trains.
This case is investigated by Central Anti-Corruption Bureau in Poland but I doubt it’ll do much harm to Newag. The Office of Rail Transport of Poland that would spam rail company with complaints and orders for a small mistake in train schedule washed its hands from intervening in this case and train purchases have highly regulated tender process and very little wiggle room for rail companies.”
Full writeup on zaufanatrzeciastrona, Polish hacking portal: https://zaufanatrzeciastrona-pl.translate.goog/post/o-trzech-takich-co-zhakowali-prawdziwy-pociag-a-nawet-30-pociagow/?_x_tr_sl=pl&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp (google translated)
Press coverage on Onet, biggest Polish online news platform: https://wiadomosci-onet-pl.translate.goog/kraj/awarie-pociagow-newagu-hakerzy-ujawniaja-kto-stoi-za-celowymi-usterkami/g4hymmg?_x_tr_sl=pl&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp (google translated)
Ahh the old misunderstood Deere right to repair bs. You can 100% buy the same software a dealer buys to connect and diagnose a Deere tractor, assuming you know what you are doing to begin with. Hell, the dealership will sell it to you like any other part for the tractor.
No one calls out the few bullshit artists that started this, and Deere screwed up by taking the public affairs consulting’s advice to just ignore it. They should have come out from the start with what was actually happening.
Links or we don’t believe you either.
I would take a large crystal of NaCl with this news. AFAIK, the story was broken by onet.pl, a portal well known for spreading false black PR against Polish defense companies, often coinciding with ongoing contract negotiations by foreign business (example: MSBS carbine for Ukraine). According to Google, the owners of onet.pl are German publishers Ringier and Axel Springer.
https://ibb.co/RhQFHbT
There might be one very significant detail to this whole story that every media overlooks.
From an ethical point of view Deere-style practices are bad – there is no doubt in that. But we don’t know whether or not they were legal and accepted by the customer who bought and owns these trains (train carrier).
What if Newag made 2 offers when selling these trains: buy for 100% value with no strings attached or get e.g. a 20% discount (but all repairs in our shop)?
What do you think – in such a case (customer fully informed) were they entitled to ensure their contract was fulfilled – and ensure it by such measures?