In 2022, there were a series of failures of Impuls trains belonging to the Newag company from Nowy Sącz. These vehicles are used, among others, by Koleje Dolnośląskie, PolRegio or Warsaw’s Szybka Kolej Miejska. The faults led to, among others: to delays and changes in timetables.
It is worth recalling here that just a few years ago, the largest rolling stock manufacturers basically had a monopoly on servicing the trains they produced.
Mainly they took part in tenders for mandatory inspections of their vehicles, because other companies knew that they were at a loss. At that time, the dominant narrative of manufacturers was that the ‘Maintenance System Documentation’, i.e. a specific operating manual for a given vehicle, was the manufacturer’s secret, its great intellectual property, and under no circumstances could it be transferred to other service companies.
– explains an anonymous railway safety expert, quoted by Onet.
The situation changed thanks to the European Railway Agency, thanks to which the train servicing market was also opened to external companies. One of such companies was SPS Mieczkowski from Bydgoszcz.
Newag train failures. Shocking findings from hackers
As Onet describes, SPS Mieczkowski took over the order from Newag to service Impuls buses that operated for Koleje Dolnośląskie. And that was when the problems with the vehicles began. Four broken trains were sent to SPS, and the company could not find the cause of the mysterious defect.
As a result, Koleje Dolnośląskie started charging her contractual penalties. In the end, the broken Impulsas were returned to Newag and only there they were repaired. When numerous rumors began to reach SPS that the faults in the Impuls trains could be caused by intentional interference with the trains’ software, it decided to use the help of hackers from the Dragon Sector group.
Dragon Sector is the absolute global elite in the field of cybersecurity. Over the last few years, the group has won a number of awards and distinctions in competitions organized by the largest technology companies, such as Google.
Our analysis for SPS Mieczkowski lasted two months. After this time, we managed to unblock the trains. Today we are sure that it was a deliberate action on Newag’s part. We discovered the manufacturer’s interference in the software, which led to forced failures and to the fact that the trains did not start.
– explains Michał Kowalczyk, one of the members of Dragon Sector, in an interview with Onet.
In the following weeks, experts from Dragon Sector began to be contacted by other railway companies that also had problems with servicing their Impuls trains. In total, there are 29 trains running, including: for PolRegio, Koleje Mazowieckie and Warszawska Kolej Dojazdowa. The hackers’ findings turned out to be shocking.
First, someone from Newag entered the logic into the software that if the train stands still for more than ten days, it will not move. Someone apparently thought that if the train is parked, it must be inspected by some service. However, these trains were also parked in the hangars of the Lower Silesian Railways. Someone from Newag rightly decided that this spoiled the narrative about the incompetence of the SPS, so a kind of ‘innovation’ was introduced
– explains Kowalczyk.
. They explain in detail the numerous complexities related to interfering with vehicle software.
Newag denies the accusations
Newag categorically dissociates itself from the accusations made by SPS Mieczkowski and Dragon Sector. The company informed that it had already notified the “appropriate services” in this matter.
According to the Company’s knowledge and assessment, users of railway vehicles in Poland, guided mainly or exclusively by price, increasingly entrust the maintenance of railway vehicles to entities that do not have the appropriate competences and know-how necessary to maintain modern railway vehicles. In the Company’s opinion, this type of policy, which is unthinkable in Western European countries, may one day lead to a human tragedy in the form of a railway disaster.
– we read in Newag’s statement.
The Office of Rail Transport also commented on the matter.
The President of UTK is aware of the matter and has verified the information regarding the analyzes of railway vehicle software carried out, and is also cooperating with the relevant services on this matter. Together with CERT Polska (a team established to respond to incidents violating Internet security), a meeting with the vehicle manufacturer was organized. The vehicles meet the essential requirements specified in the provisions of European directives. It is the person ordering the vehicle that determines the terms of service and warranty within the scope of contractual freedom. Such requirements are included in train purchase contracts. Any limitations on servicing capabilities, including limitations introduced in the software, may constitute a potential civil dispute between the ordering party and the manufacturer. The President of UTK is not the competent authority in this matter.
– says the statement of UTK.
According to Onet, the Central Anticorruption Bureau is also investigating the train failure. We have asked Newag to comment on the matter. The article will be updated as soon as we receive a response.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
