They're putting DRM in trains, now: Hired hackers Dragon Sector take to the Chaos Communication Congress stage and explain how they caught a manufacturer red-handed

pcgamer.com:

You wouldn't download a train—but you might conceivably want to repair one. Those worries have led to a massive controversy in Poland, as train manufacturer Newag has come under fire for likely adding DRM-style protection to stop its vehicles from being repaired at competitor facilities.

As laid out by Notes from Poland, the manufacturer's trains had inexplicably come to «a standstill in several places in Poland». Not only did they stop working after competitors attempted to repair them, one inexplicably bricked itself on November 21, 2023. More on that later.

A company named SPS Mieczkowski received fines from a rail operator when it failed to repair one of Newag's trains. It decided to then make privateers out of pirates, hiring a collective of hackers called Dragon Sector. Speaking with Onet, one such hacker Michał Kowalczyk said: «We discovered the manufacturer’s interference in the software, which led to forced failures.»

Newag has naturally been denying the accusations, though the evidence seems damning. As reported by Gizmodo, three hackers affiliated with Dragon Sector took to the stage of the Chaos Communication Congress (a hacker convention dedicated to discussing cybersecurity, privacy, and the like) to share their findings. 

In the talk «Breaking DRMS in Polish Trains», the team stated it was «100% sure» it was in the right, and that «it’s Newag that should be scared, not us.» 

«One of the most common in the trains we investigated is what we call 'lack of movement' or 'idle timer',» explains Jakub Stępniewicz, who goes by the alias MrTick. He explains that if a train doesn't move at least 60km/h for at least three minutes for more than 10 days, it'll permanently lock. However—MrTick says there were false