Kevin Karhan :verified:

@q3k Does any regulator know of this #Sabotage of #CriticalInfrastructure by the #Manufacturer?

I'm sure these trains ain't exclusive to one country and regulators from @BNetzA and @kartellamt@social.bund.de to @EU_Commission will likely be very interested in such deliberate acts of #AntiCompetiton, #AntiRepair and basically attacks on #PublicTransport #infrastructure done by #NEWAG to fleece customers!

I mean, this is next-level assholeism and makes #JohnDeere and #Apple look like #RightToRepair fans.

18 comments
q3k :blobcatcoffee:

@kkarhan @BNetzA @EU_Commission

Some relevant agencies are aware of the problem and are looking into this - can't say more than that yet.

Raul

@q3k @kkarhan @BNetzA @EU_Commission Some people in that manufacturer's offices ought to be sweating cold right now

Kevin Karhan :verified:

@raulinbonn @q3k @BNetzA @EU_Commission

I hope so, because they should not get away with 'we did it to ensure train safety and compliance' excuses.

This is just flat-out criminal behaviour!

Imagine if MAN were to disable trucks if they did get serviced by fire departments or logistics firms onsite instead of driven to a service center...

Andreas K

@kkarhan @raulinbonn @q3k @BNetzA @EU_Commission

They should be treated as terrorists, or at least accomplices.

They basically installed backdoors that could be used by anyone (including terrorists) to trivially sabotage infrastructure.

Raul

@yacc143 @kkarhan @q3k @BNetzA @EU_Commission Of course as terrorists themselves, not just accomplices. Because they installed backdoors for themselves to surgically (while "invisibly") sabotage infrastructure at will.

Kevin Karhan :verified:

@raulinbonn @yacc143 @q3k @BNetzA @EU_Commission

And that alone should be considered as #Govware #Backdoor for foreign agents unless evidenced otherwise.

Cuz we ain't talking about some "warranty void if removed" kinda sticker thing that would get the owner overcharged the next time they'd seek "authorized" support, but literal attacks on #PublicTransport #infrastructure that could be weaponized to impact #NatSec and #GlobalSec [i.e. blocking train tracks with bricked trains!]...

Kevin Karhan :verified:

@yacc143 @raulinbonn @q3k @BNetzA @EU_Commission Exactly.

This is the kind of shite where @stman wants to scream "I TOLD YA SO!" so loud it could be heard in Poland...

Sean

@kkarhan @q3k @BNetzA @EU_Commission

see the update at the end of the writeup @ zaufanatrzeciastrona.pl/post/o (the "Aktualizacja 2023-12-05 16:00" section, it's in Polish). Basically the "UTK" (transport ministry) appear to have said it's aware of it but it's a civil matter between the train operator and the manufacturer.

Kevin Karhan :verified:

@smcl @q3k @BNetzA @EU_Commission

That's kinda sad and IMHO a big failure of said regulator.

Imagine if car manufacturers were to leverage the same tech to prevent "unauthorized" / 3rd party repair...

I'm pretty sure once politicians have their car refuse to start after a tire change at home they'll instantly start acting...

goedelchen

@jlcrawf @kkarhan @smcl @q3k @BNetzA @EU_Commission Politicians having their tires changed at home, because they can't be bothered to bring their car to a garage and wait.

Kevin Karhan :verified:

@goedelchen @jlcrawf @smcl @q3k @BNetzA @EU_Commission or because they are too paranoid or because like with all governments that can afford it, they have a pool of cars and drivers and those - like any decent-sized taxi service - have their own depots and mechanics onsite as well as spare parts because downtime costs money.

Imagine if #cabs or #ambulances and #FireTrucks were to get the #AntiRepair #malware treatment...

#WhatYouAllowIsWhatWillContinue

Cysio :verified_gay:

@kkarhan @smcl @q3k @BNetzA @EU_Commission they also said that cybersecurity in transport is in the purview of the ministry of transport, so let's naively keep our fingers crossed for the upcoming government

Andreas K

@kkarhan @q3k @BNetzA @EU_Commission
let's call it what it is, infrastructure #terrorism

Just because the hidden code bombs have not been used yet by terrorists, does not make it less terrorism.

If I read it correctly, this is even distributed in "a gps component broadcasts to the rest of the train if it should stop functioning". Wonder what it would take to emulate such a take down broadcast? Would a Dolphin Flipper be enough or would it need addon hardware?

Kevin Karhan :verified:

@yacc143 @q3k @BNetzA @EU_Commission

Not only that, but it's trivial to not only jam GPS [would be interesting if said trains cease to drive without signal!] and it's likely even possible that a malicious #firmware update could basically "geofence" the entire world, bricking the train in the process...

And that's just the things I could come up with at a moment's notice.

Imagine what state-sponsored attackers could do:

How about #Ransomware'ing an entire train + passengers???

Siegi 🇺🇦 🇬🇪 💜 🇨🇭

@kkarhan It's what I have been saying for years, now for electronic cars: before being on the market, the source code *must* be available to customers (and all updates) of every component before authorizing it to be on a road, and on a track for a train.

Without source code, our public services *must* refuse completely to buy trains (and a lot of other things).
@yacc143 @q3k @BNetzA @EU_Commission
