10 mo. ago • 95%

Breaking "DRM" in Polish trains [video] – 37c3 presentation

streaming.media.ccc.de Breaking "DRM" in Polish trains

We've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you...

Follow up to https://kbin.social/m/technology@lemmy.ml/t/700738

cross-posted from: https://derp.foo/post/544012

There is a discussion on Hacker News, but feel free to comment here as well.

Right to Repair @discuss.tchncs.de Breaking "DRM" in Polish trains [video] – 37c3 presentation

Technology @lemmy.world Breaking "DRM" in Polish trains [video] – 37c3 presentation

Hacker News @derp.foo Breaking "DRM" in Polish trains [video] – 37c3 presentation

9 comments

Wow, so many good parts in this...

Side note: I do not do any coding professionally, just self taught stuff to impressive my business coworkers - but this was really well explained.

My favorites: Default username and password for accessing the debugger on the trains computer (that apparently can't be changed)

Hard coded geofenced coordinates that would disable a train if it was being serviced at a competitors location

Absolute favorite: the incorrectly programmed date lock that would only disable the train November & December on the 21st-30th

Hopefully the company is reprimanded for this - here in the US it would probably be a slap on the wrist and nothing else.

26
- This would be quite a bit more than a slap on the wrist in the US, the City of New York does all its own maintenance on all its buses, railroad and subway trains.
  
  Manufacturer interference would result in some of the most aggressive city lawyers grinding the manufacturer's headquarters into dust, legislatively.
  
  I can't believe it'd be different at any other jurisdiction within the US.
  
  17
  
  Hmm, that's good / reassuring - hopefully we don't have to find out!
  
  4
  
  The dice have just started rolling. Shit is possibly going to hit the fan real hard for Newag next year.
  
  CC BY-NC-SA 4.0
  
  1
- From the sound of them, it sounds like the polish government will take it seriously, and it can be that its going to go be an international thing too...
  
  9
- The best part is that they doubled down on it by adding that nonsense copyright infringement message.
  
  You would think that they would try to hide their tracks at this point but instead they add more stuff that further proves that they are malicious.
  
  1
Was there and that was the best talk of the day

8
- Was it really at 23:00 as scheduled?
  
  3
  
  Yes. I stayed up late to watch the stream haha
  
  4

You've viewed 9 comments.