You've probably already heard the story: we got contracted to analyze a bunch of trains breaking down after being serviced by independent workshops. We reverse engineered them and found code which simulated failures when they detected servicing attempts. We presented our findings at 37C3… and then shit hit the fan.

This talk will be an update about what happened since our 37C3 presentation. We’ll talk about:

* Three parliamentary workgroup sessions with dirty bathroom photos on Newag’s offtopic slides, train operators revealing that they paid Newag more than 20k EUR for unlocking a single train, which Newag was able to unlock in 10 minutes, and at the same time saying that they don’t know anything about the locks.
* 140-page lawsuits, accusing us of copyright violation and unfair competition (sic!) with a lot of logical gymnastics.
* How it’s like to repeatedly explain reverse engineering concepts to journalists.
* 6 official investigations, two of them criminal.
* New cases revealed since then (from different train operators).
* and much more!


Michał Kowalczyk, q3k, Jakub Stepniewicz