689
Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (www.ifixit.com)
submitted 6 days ago* (last edited 6 days ago) by Pro@programming.dev to c/technology@lemmy.world
40 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] TauZero@mander.xyz 54 points 6 days ago

Newag [train maker] claims that the Dragon Sector [whitehat hacker] team endangered passengers’ safety by modifying the software without proper experience. But Newag then turns right around and claims that Dragon Sector did not modify the software at all. They point out that EU law only allows reverse engineering of software in order to fix bugs. And if Dragon Sector did not actually modify the software, it cannot have fixed any bugs, in which case their reverse-engineering must be illegal.

[-] Venus_Ziegenfalle@feddit.org 12 points 6 days ago

So if they just say they were gonna get to the bug fixing part but haven't yet they're in the clear. Boom, another decisive victory for the Dragon Sector.

[-] Cort@lemmy.world 3 points 5 days ago

Train company response: it's a feature, not a bug, so you're still guilty

[-] defaultusername@lemmy.dbzer0.com 12 points 6 days ago* (last edited 6 days ago)

Do they... not know what reverse engineering means?

[-] TauZero@mander.xyz 20 points 5 days ago

It's worse. They are saying that the EU copyright law, as written, only allows decompiling/reverse engineering to "fix bugs". A bug fix would involve a software patch of some sorts. But the security researchers did not have time to write a patch yet, what they did is tell the customer "Yep, it's fucked. Your vendor put in a killswitch to make the trains brick themselves." So that does tell them where the problem is, but it is not a bona fide bug fix from the Bugfix region of France, and therefore illegal.

[-] boonhet@sopuli.xyz 15 points 5 days ago

Ah so it's just sparkling engineering

[-] dev_null@lemmy.ml 2 points 5 days ago

But the security researchers did not have time to write a patch yet

This is not true. They never intended, and said would never try to make any modifications to the train software, because it would be very illegal, you can't make modifications to the trains without the train having to go through recertification again and they have no credentials to be making any modifications to trains.

They only analysed a copy of the software, and found secret undocumented unlock codes that could just be typed in at the cabin without having to modify anything.

this post was submitted on 29 Jul 2025
689 points (100.0% liked)

Technology

73567 readers
4012 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws