Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There wasn't just one manufactured failure, but multiple different ones. Refusing to help would also point towards intentional malice. Why would you sell a product, then refuse to assist, unless you've intentionally designed the product to fail so only you would know how to make it work again?


The manufacturer lost the bidding process, so quite reasonably (if you look at it in a limited fashion) said "Fine, let SLS do the work, you're on your own".

Arsehole-ish, but not illegal. All the hidden lockouts on the other hand....


The hidden lockouts containing GPS coordinates of competitors' repair facilities should be more than enough to establish criminal intent (in my armchair non-lawyer opinion).


They knew that SLS would not be able to do it.


I don't think it's assholeish for someone who's not getting compensated in any way to not help out. It's a business. They have an active incentive to NOT help.


It's not about "not wanting to help". It's about placing logic bombs of "if vehicle is at this gps coordinates of a competitor, engage self-destruct". Hackers actually did extract such coordinates from train firmware.


unless we have the entirety of the context for this code and the 20,000 pages of service manuals, i do not accept at face value that it's this simple


Any kind of GPS coordinates, especially those of competitor facilities in the firmware of a train is proof positive that something really bad is going on.

Context and manuals are just so much smoke and fail to obscure the facts.


Considering that the situation this was named after had _very_ specific timing, state and sensor values coded in a defeat device, I'd say that having the mapped the gps coordinates of your competitors im the firmware of your product is pretty damning.

Nevermind the poorly executed "if day => 21, month => 11, year => 2021", which was conveniently setting a failure which wasn't actually present.

It'a probably not that simple, but it's not that complicated either. If you make something engineered to fail without there being a failure present, that's clear malice.

Imagine buying a car, you own it until the warranty runs out and the the manufacturer's workshop moves (say there was a fire/flood/sinkhole/industrial disaster, and they had to) and the car would refuse to move since it's not being serviced at the official location anymore.


There’s literally a hundred reasons why code like that could exist. My point is there is probably another hundred thousand lines of code and we have no idea how the few lines we see are being used.


To what end? So they can sell more trains? That makes no sense.


It seems like the trains were programmed to cease functioning if they spent more than 10 days at the GPS coordinates of maintenance shops not owned by the original manufacturer.

This would force the government to rely exclusively on that manufacturer to then fix these trains and perform all future maintenance.


They wanted to prevent third party repair services from being able to repair their trains, so that they could keep those maintenance contracts for themselves.


After sales support, as in spare parts and maintenance, is a big part of income for manufacturers of heavy equipment, as such machines run for a loong time given parts and maintenance. To me they really did not want to lose on 'subscription money' in the form of service contracts they missed out on. It came close to the operator coming back to them to fix the trains 3rd party seemingly couldn't.


>The train manufacturer, Newag, also competed in the tender to carry out the maintenance, but the manufacturer’s bid was about 750k USD higher and the tender was eventually won by SPS, which offered to carry out the maintenance of 11 trains for around 5.5 mln USD.


Just thinking outloud. But if you made it so your competitor couldn't fulfill their servicing contract, then the entity taking out the contract might just very well come to you to solve the problem. You might not win the contract on price, but win it by default because you made it impossible for anyone else to complete it.

That is until your scheme is uncovered because you left the GPS coordinates of your competitors workshops in your code.


More sanely (not to be confused with likely!) the courts will decide that since this is something only the OEM can do, it must done at no charge as part of normal warranty work.


These trains will be used for decades. Normal warranty wont cover anything of note.


Warranty should cover this - if the manufacture won't let it be fixed by someone else than in should be free.


Every once in a while there comes a point where the discussion of high-currency-shorthand pops up:

>5.5 mln USD. U$5.5m? Not saying I'm more correct than anyone else, but the former seems outlandishly long.


mln is from the Polish original.


5.5 millidollars?


Vendor lock-in for maintenance has massive financial incentive, as was relatively clear in the article, even going so far as to cite some explicit numbers that are relatively big money when projected across the scale of an entire fleet.


How does that make no sense ? That's the whole point of a business.


The idea that does not make sense is that this would increase train sales, not the idea that selling more trains would be good for business.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: