White hat hackers are essential to businesses large and small, but what happens when some businesses don’t understand the importance of ethical hacking?
In a recent cybersecurity incident, three Polish hackers successfully repaired malfunctioning software on a train that was originally serviced by the local rail operator’s independent repair shop.
But the story changed when accusations were brought against manufacturer Newag for allegedly remotely disabling trains serviced by Polish railway repair company SPS. Reportedly, that’s not all: Newag is threatening the hackers with lawsuits.
It is not uncommon for large technology companies to remotely disable or “brick” products serviced by third-party companies. Apple and others adopt similar measures to protect their revenue streams.
While we don’t want to get too religious or emotional, it is an undeniable fact that white hat hackers, also known as ethical hackers or cybersecurity researchers, are nothing short of a blessing. There are many examples where ethical hackers have saved companies from devastating hacks.
Additionally, consider the white hat hacker who went out of his way to unlock a car for a family who had lost their keys. And let’s not forget the infamous WannaCry ransomware attack, which was intercepted by white hat hackers while cybersecurity and technology giants remained in the dark. However, Newag’s response to the incident highlighted a significant lack of understanding of cybersecurity on its part.
Issues with Newag’s Impuls series, which is operated by an independent entity, have been ongoing since the summer and are negatively impacting customer service. These trains mysteriously malfunctioned and refused to restart after scheduled maintenance. To unravel the mysteries behind these disruptions, SPS enlisted the expertise of the ethical hackers of Dragon Sector.
Insights from Dragon Sector have revealed a worrying aspect of the software programming of Poland’s Newag trains. According to the ethical hacking group, Newag trains were equipped with a unique feature that triggered a software lockdown if they were stopped for more than 10 days.
In any case, the complexity of Newag’s software extends beyond mere inactivity to sophisticated mechanisms that become active when a train parks at a specific GPS location.
Amazingly, these preset GPS locations are strategically linked to independent repair shops spread throughout Poland. This means that software lockdowns can be triggered not only during periods of inactivity, but also when a train parks at a designated location that happens to overlap with an independent repair shop.
A notable fact is that at the time the details of the program were revealed, at least one of these predetermined GPS locations included a repair shop that was still in the construction phase. This raises questions about the intent and scope of Newag’s software lockdown strategy, as it appears to extend beyond the simple goal of preventing long periods of inactivity.
One of the Dragon Sector hackers, Michał Kowalczyk, said the issue appears to be intentional on Newag’s part. “Today, we are convinced that it was a deliberate action on the part of Newag. We discovered that this caused the fact that there was no such thing,” Michał claimed.
Zaufana Trzecia Strona (an IT security news website in Polish) reports that if a part is replaced without an unlock sequence hidden in the train’s computer, the repair measures will be activated. In addition, the code will stop the train after traveling 1 million kilometers, and the hardware could allow remote control of Newag trains.
Newag, Poland’s oldest railway company, denies the accusations and accuses SPS of starting conspiracy theories. The company is now requesting that the repaired trains be taken out of service immediately, as they may have been “hacked” and may be unsafe.
Newag claims the story is defamation from a competitor and is threatening to sue Dragon Sector. The company believes this is an attack on independent repair, which has become a controversial issue that puts consumers and companies like Apple, John Deere, and much of the auto industry at odds with each other. The right to repair is countered by proprietary software and encryption that only the company can read.
The railway operating company in the conflict is Lower Silesian Railway; Newag produces the Impuls 45WE hybrid multiple units. In June 2022, the railroad experienced multiple non-startup failures on these trainsets, resulting in fewer trains than scheduled and impacting passenger service.
Nevertheless, this is not surprising, since companies often do not appreciate the efforts of white-hat hackers who do good deeds. Cybersecurity researchers believe that the cases of Rob Dyke and Wesley Weinberg are prime examples of what happens when companies don’t understand the importance of responsible disclosure.