this post was submitted on 29 Jul 2025
702 points (99.6% liked)

Technology

73655 readers
4002 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
702
Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (www.ifixit.com)
submitted 1 week ago* (last edited 1 week ago) by Pro@programming.dev to c/technology@lemmy.world
48 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] TauZero@mander.xyz 54 points 1 week ago (6 children)

Newag [train maker] claims that the Dragon Sector [whitehat hacker] team endangered passengers’ safety by modifying the software without proper experience. But Newag then turns right around and claims that Dragon Sector did not modify the software at all. They point out that EU law only allows reverse engineering of software in order to fix bugs. And if Dragon Sector did not actually modify the software, it cannot have fixed any bugs, in which case their reverse-engineering must be illegal.

[–] defaultusername@lemmy.dbzer0.com 12 points 1 week ago* (last edited 1 week ago) (1 children)

Do they... not know what reverse engineering means?

[–] TauZero@mander.xyz 21 points 1 week ago (2 children)

It's worse. They are saying that the EU copyright law, as written, only allows decompiling/reverse engineering to "fix bugs". A bug fix would involve a software patch of some sorts. But the security researchers did not have time to write a patch yet, what they did is tell the customer "Yep, it's fucked. Your vendor put in a killswitch to make the trains brick themselves." So that does tell them where the problem is, but it is not a bona fide bug fix from the Bugfix region of France, and therefore illegal.

[–] dev_null@lemmy.ml 2 points 6 days ago

But the security researchers did not have time to write a patch yet

This is not true. They never intended, and said would never try to make any modifications to the train software, because it would be very illegal, you can't make modifications to the trains without the train having to go through recertification again and they have no credentials to be making any modifications to trains.

They only analysed a copy of the software, and found secret undocumented unlock codes that could just be typed in at the cabin without having to modify anything.

[–] boonhet@sopuli.xyz 15 points 1 week ago

Ah so it's just sparkling engineering

load more comments (4 replies)