Man, just go back to normal trains and now computers with attached trains. Can't hack or remotely kill what doesn't have a computer in it.
this post was submitted on 14 Dec 2023
9 points (100.0% liked)
Right to Repair
1493 readers
9 users here now
Whether it be electronics, automobiles or medical equipment, the manufacturers should not be able to horde “oem” parts, render your stuff useless if you repair it with aftermarket parts, or hide schematics of their products.
Summary video by Marques Brownlee
Great channel covering and advocating right to repair, Lewis Rossman
founded 1 year ago
MODERATORS
Erm... There's a lot going on inside an electrically powered train. Even a diesel engine has a computer managing fuel flow and diagnostics.
More importantly, you need networked computers to handle automatic train safety systems, a requirement in the EU from what I understand, after several notable rail crashes up to the 70's.
~~The mere fact that the manufacturer had a remote kill switch is the safety issue that should have a big spotlight.~~(edit: this is not the case - see the reply below) What if a malicious hacker decides to trigger that kill switch while the train is loaded with people and at a sensitive moment (e.g. on bridge/cliff with a huge drop).
If the kill switch were in place for dealing with hi-jackers, perhaps fair enough. But having it for the purpose of business protectionism is an entirely reckless safety risk.
There’s an overlooked failure here: why doesn’t the Polish transport authority have a clause in their procurement contracts that bans trains with remote-control kill switches that are not under user control? And why wasn’t the code reviewed to catch that in advance? The hackers say they did not alter the code, which somewhat implies that the source code might have been available for inspection.
In the talk they gave yesterday night, Dragon Sector hackers clarified that they are not aware of any remote control available to the manufacturer.
The locks were implemented inside the code both when the trains were first serviced to railway operators by the manufacturer, and any time the manufacturer was given direct on-hand access.
See here to watch their speech: https://feddit.it/post/4391905
Thanks for the link. Indeed you are correct. The lock only triggers when it’s stopped and it’s hard-coded and not remote. Apparently the only comms involved was the train signalling to the manufacturer that the lock was triggered.
I hope this NEWAG gets raked over the coals for this.
It's outrageous to hold public infrastructure at ransom because the equipment spent X days in an independent repair shop - and pretty invasive to have DRM monitoring the train's GPS location, and in some cases live reporting these back to the manufacturer to facilitate a remote lockdown.
Not to mention pushing an update to flag up a copyright warning on a screen in the drivers' cab while the train is running 🤦♂️
I commend the engineer at the independent repair facility that had the idea to have hackers pick apart the train's control unit, and the rest of the team for agreeing to it.
Modifying the software of a device YOU OWN, should never be illegal in and of itself.
I am not against you, but in case of warranty - how do you draw a line of where is user's fault, and where is manufacturers fault?
well, it doesn't have to be illegal to void warranties. If you for example brick your device through software shenanigans you don't expect the maker to fix it for free for you, but you don't expect them to sue you either!
Absolutely. Maybe an exception for video game multiplayer cheating, but that's the only thing I can think of. Any other situation I can think of just enriches the computer to the massive detriment of the user.
cheating is a problem but, actually making it illegal? nah man, I think that's too far.
No, that shouldn't be illegal either. Against the rules of a server and getting you kicked out of that server, sure.
Force modified clients in a seperate lobby. Mods can be fun and extend shelflife of games immensly.
And allow selfhosting servers for (at least after) when the publisher/developer stops supporting the game.
The GPS coordinates are especially damning. Also funny that the manufacturer is claiming they made the trains unsafe, since obviously once they uncovered the unlock code they can just use it on unmodified trains.