Email or username:

Password:

Forgot your password?
q3k's posts Post Back to profile
Top-level
Kevin Karhan :verified:

@q3k Does any regulator know of this #Sabotage of #CriticalInfrastructure by the #Manufacturer?

I'm shure these trains ain't exclusive to to one country and regulators from @BNetzA and @kartellamt@social.bund.de to @EU_Commission will likely be very interested in such deliberate acts of #AntiCompetiton, #AntiRepair and basically attacks on #PublicTransport #infrastructure done by #NEWAG to fleece customers!

I mean, this is next-level assholeism and makes #JohnDeere and #Apple look like #RightToRepair fans.

5 Dec 2023 at 14:09 | Wall-to-wall | Open on mstdn.social
18 comments
q3k :blobcatcoffee:

@kkarhan @BNetzA @EU_Commission

Some relevant agencies are aware of the problem and are looking into this - can't say more than that yet.

5 Dec 2023 at 14:12 | Open on social.hackerspace.pl
Raul

@q3k @kkarhan @BNetzA @EU_Commission Some people in that manufacturer's offices ought to be sweating cold right now

5 Dec 2023 at 14:26 | Open on social.treehouse.systems
Kevin Karhan :verified:

@raulinbonn @q3k @BNetzA @EU_Commission

I hope so, because they should not get away with 'we did it to enshure train safety and compliance' excuses.

This is just flat-out criminal behaviour!

Imagine if MAN were to disable trucks if they did get serviced by fire departments or logistics firms onsite instead of driven to a service center...

5 Dec 2023 at 14:30 | Open on mstdn.social
Andreas K

@kkarhan @raulinbonn @q3k @BNetzA @EU_Commission

They should be treated as terrorists, or at least accomplices.

They basically installed backdoors that could be used by anyone (including terrorists) to trivially sabotage infrastructure.

5 Dec 2023 at 15:28 | Open on mastodon.social
Raul

@yacc143 @kkarhan @q3k @BNetzA @EU_Commission Of course as terrorists themselves, not just accomplices. Because they installed backdoors for themselves to surgically (while "invisibly") sabotage infrastructure at will.

5 Dec 2023 at 15:30 | Open on social.treehouse.systems
Kevin Karhan :verified:

@raulinbonn @yacc143 @q3k @BNetzA @EU_Commission

And that alone should be considered as #Govware #Backdoor for foreign agents unless evidenced otherwise.

Cuz we ain't talking about some "warranty void if removed" kinda sticker thing that would get the owner overcharged the next time they'd seek "authorized" support, but literal attacks of #PublicTransport #infrastructure that could be weaponized to impact #NatSec and #GlobalSec [i.e. blocking train tracks with bricked trains!]...

5 Dec 2023 at 15:33 | Open on mstdn.social
Kevin Karhan :verified:

@yacc143 @raulinbonn @q3k @BNetzA @EU_Commission Exactly.

This is the kind of shite where @stman wants to scream "I TOLD YA SO!" so loud it could be heard in Poland...

5 Dec 2023 at 15:31 | Open on mstdn.social
ye olde bebe
Matt Palmer
Sean

@kkarhan @q3k @BNetzA @EU_Commission

see the update at the end of the writeup @ zaufanatrzeciastrona.pl/post/o (the "Aktualizacja 2023-12-05 16:00" section, it's in Polish). Basically the "UTK" (transport ministry) appear to have said it's aware of it but it's a civil matter between the train operator and the manufacturer.

5 Dec 2023 at 15:24 | Open on defcon.social
Kevin Karhan :verified:

@smcl @q3k @BNetzA @EU_Commission

That's kinda sad and IMHO a big failure of said regulator.

Imagine if car manufacturers were to leverage the same tech to prevent "unauthorized" / 3rd party repair...

I'm pretty shure once politicians have their car refuse to start after a tire change at home they'll instantly start acting...

5 Dec 2023 at 15:26 | Open on mstdn.social
Joshua Crawford

@kkarhan @smcl @q3k @BNetzA @EU_Commission
haha, politicians changing there own tires at home...

5 Dec 2023 at 18:18 | Open on social.librem.one
goedelchen

@jlcrawf @kkarhan @smcl @q3k @BNetzA @EU_Commission Politicians having their tires changed at home, because they can't be bothered to bring their car to a garage and wait.

5 Dec 2023 at 19:39 | Open on mastodontech.de
Kevin Karhan :verified:

@goedelchen @jlcrawf @smcl @q3k @BNetzA @EU_Commission or because they are too paranoid or because like with all goverments that can afford it, they have a pool of cars and drivers and those - like any decent-sized taxi service - have their own depots and mechanics onsite as well as spare parts because downtime costs money.

Imagine if #cabs or #ambulances and #FireTrucks were to get the #AntiRepair #malware treatment...

#WhatYouAllowIsWhatWillContinue

6 Dec 2023 at 16:16 | Open on mstdn.social
Cysio :verified_gay:​

@kkarhan @smcl @q3k @BNetzA @EU_Commission they also said that cybersecurity in transport is in the purview of the ministry of transport, so let's naively keep our fingers crossed for the upcoming government

5 Dec 2023 at 18:45 | Open on mastodon.cysioland.pl
Andreas K

@kkarhan @q3k @BNetzA @EU_Commission
let's call it what it is, infrastructure #terrorism

Just because the hidden code bombs have not been used yet by terrorists, does not make it less terrorism.

If I read it correctly, this is even distributed in "a gps component broadcasts to the rest of the train if it should stop functioning". Wonder what it would take to emulate such a take down broadcast? Would a Dolphin Flipper be enough or would it need addon hardware?

5 Dec 2023 at 15:26 | Open on mastodon.social
Kevin Karhan :verified:

@yacc143 @q3k @BNetzA @EU_Commission

Not only that, but it's trivial to not only jam GPS [would be interesting if said trains cease to drive without signal!] and it's likely even possible that a malicious #firmware update could basically "geofence" the entire world, bricking the train in the process...

And that's just the things I could come up at a moments' notice.

Imagine what state-sponsored attackers could do:

How about #Ransomware'ing an entire train + passengers???

5 Dec 2023 at 15:30 | Open on mstdn.social
Siegi πŸ‡ΊπŸ‡¦ πŸ‡¬πŸ‡ͺ πŸ’œ πŸ‡¨πŸ‡­

@kkarhan It's what i say for years, now for electronics cars, before to be on the market, the source code *must* be available to customers (and all updates) of every components before to authorize it to be on a road, and on a track for a train.

Without source code, our public services *must* refuse completely to buy trains (and a lot of others things).
@yacc143 @q3k @BNetzA @EU_Commission

5 Dec 2023 at 17:20 | Open on tooting.ch
Go Up