Yesterday, US Senators Jeff Merkley (D-OR), Elizabeth Warren (D-MA), and Joshua Hawley (R-MO) sent letters to the heads of Ford, General Motors, and Tesla, as well as the US heads of Honda, Hyundai, Nissan, Stellantis, Subaru, Toyota, and Volkswagen, excoriating them over their opposition to the right-to-repair movement.
“We need to hit the brakes on automakers stealing your data and undermining your right-to-repair,” said Senator Merkley in a statement to Ars. “Time and again, these billionaire corporations have a double standard when it comes to your privacy and security: claiming that sharing vehicle data with repair shops poses cybersecurity risks while selling consumer data themselves. Oregon has one of the strongest right-to-repair laws in the nation, and that’s why I’m working across the aisle to advance efforts nationwide that protect consumer rights.”
Most repairs aren’t at dealerships
The Senators point out that 70 percent of car parts and services currently come from independent outlets, which are seen as trustworthy and providing good value for money, “while nearly all dealerships receive the worst possible rating for price.”
Restricting the supply of car parts to franchised dealership networks, as OEMs and their tier-one suppliers do, also slows down the entire repair process for owners and increases the cost of getting one’s car fixed, the letter states.
As Ars noted recently, more than one in five automotive recalls are now fixed with software patches, and increasingly the right-to-repair fight has centered on things digital—access to diagnostics, firmware, and connected services. The percentage of non-hardware recall fixes will surely grow in the coming years as more and more automakers replace older models with software-defined vehicles.
In December, New York became the first state to enact a “Right to Repair” law for electronics. Since then, other states, including Oregon and Minnesota, have passed similar laws. However, a recent analysis of some recently released gadgets shows that self-repair still has a long way to go before it becomes ubiquitous.
On Monday, the US Public Interest Research Group (PIRG) released its Leaders and Laggards report that examined user repairability of 21 devices subject to New York’s electronics Right to Repair law. The nonprofit graded devices “based on the quality and accessibility of repair manuals, spare parts, and other critical repair materials.”
Nathan Proctor, one of the report’s authors and senior director for the Campaign for the Right to Repair for the US PIRG Education Fund, told Ars Technica via email that PIRG focused on new models since the law only applies to new products, adding that PIRG “tried to include a range of covered devices from well-known brands.”
While all four smartphones included on the list received an A-minus or A, many other types of devices got disappointing grades. The HP Spectre Fold foldable laptop, for example, received a D-minus due to low parts (2 out of 10) and manual (4 out of 10) scores.
The report examined four camera models—Canon’s EOS r100, Fujifilm’s GFX 100 ii, Nikon’s Zf, and Sony’s Alpha 6700—and all but one received an F. The outlier, the Sony camera, managed a D-plus.
New York’s Digital Fair Repair Act requires consumer electronics brands to allow consumers access to the same diagnostic tools, parts, and repair manuals that their own repair technicians use. However, PIRG struggled to access manuals for some recently released tech that’s subject to the law.
For example, Sony’s PlayStation 5 Slim received a 1/10 score. PIRG’s report includes an apparent screenshot of an online chat with Sony customer support, where a rep said that the company doesn’t have a copy of the console’s service manual available and that “if the unit needs repair, we recommend/refer customers to the service center.”
Apple’s Vision Pro, meanwhile, got a 0/10 manual score, while the Meta Quest 3 got a 1/10.
According to the report, “only 12 of 21 products provided replacement procedures, and 11 listed which tools are required to disassemble the product.”
The report suggests difficulties in easily accessing repair manuals, with the report’s authors stating that reaching out to customer service representatives “often” proved “unhelpful.” The group also pointed to a potential lack of communication between customer service reps and the company’s repairability efforts.
For example, Apple launched its Self Service Repair Store in April 2022. But PIRG’s report said:
… our interaction with their customer service team seemed to imply that there was no self-repair option for [Apple] phones. We were told by an Apple support representative that ‘only trained Apple Technician[s]’ would be able to replace our phone screen or battery, despite a full repair manual and robust parts selection available on the Apple website.
Apple didn’t immediately respond to Ars Technica’s request for comment.
Earlier this week, Apple published a whitepaper titled “Longevity, by Design.” The purpose, Apple says, is to explain “the company’s principles for designing for longevity—a careful balance between product durability and repairability.” It also contains some notable changes to Apple’s parts pairing and repair technology.
Here is a summary of the action items in the document’s 24 pages:
True Tone, the color-balancing screen feature, can soon be activated on third-party screens, “to the best performance that can be provided.”
Battery statistics, like maximum capacity and cycle count, will be available “later in 2024” for third-party batteries, with a notice that “Apple cannot verify the information presented.”
Used Apple parts, transferred from one to another, will be “as easy to use as new Apple parts” in select products “later this year.”
Parts for “most repairs” from Apple’s Self Service Repair program will no longer require a device serial number to order.
Changes timed to “later this year” may well indicate their arrival with iOS 18 or a subsequent update.
Apple’s take on repair focuses on scale
To whom is Apple’s document explaining its principles? Apple might say it’s speaking to consumers and the public, but one might infer that the most coveted audience is elected representatives, or their staff, as they consider yet another state or federal bill aimed at regulating repair. Earlier this year, Oregon and Colorado passed repair bills that stop companies from halting repairs with software checks on parts, or “parts pairing.” Other recent bills and legal actions have targeted repair restrictions in Minnesota, Canada, and the European Union.
Apple came out in support of a repair bill in California and at the federal level, in large part because it allows for parts and tools pricing at “fair and reasonable terms” and requires non-affiliated vendors to disclose their independence and use of third-party parts to customers.
“Longevity, by Design” stakes out Apple’s position that there are things more important than repair. Due to what Apple says is its unique combination of software support, resale value, and a focus on preventing the most common device failures, the company “leads the industry in longevity” as measured in products’ value holding, lifespans, and service rates, Apple says. Hundreds of millions of iPhones more than five years old are in use, out-of-warranty service rates dropped 38 percent from 2015 to 2022, and initiatives like liquid ingress protection dropped repair rates on the iPhone 7 and 7 Plus by 75 percent.
“The reliability of our hardware will always be our top concern when seeking to maximize the lifespan of products,” the whitepaper states. “The reason is simple: the best repair is the one that’s never needed.”
Consider the charge port
Apple offers the charging port on iPhones as “an internal case study” to justify why it often bundles parts together rather than making them individually replaceable. From the independent repair shops and techs I’ve talked to in my career, iPhone charging ports, and the chips that control them, are not an uncommon failure point. “Cheap charging cables from 7-11 are serial killers,” one board-level repair shop once told me. Apple disagrees, saying it must consider the broader impact of its designs.
“Making the charging port individually replaceable would require additional components, including its own flexible printed circuit board, connector, and fasteners that increase the carbon emissions required to manufacture each device,” Apple states. This could be justified if 10 percent of iPhones required replacement, but Apple says “the actual service rate was below 0.1%.” As such, keeping the port integrated is a lower-carbon-emission choice.
Oregon Governor Tina Kotek today signed the state’s Right to Repair Act, which will push manufacturers to provide more repair options for their products than any other state so far.
The law, like those passed in New York, California, and Minnesota, will require many manufacturers to provide the same parts, tools, and documentation to individuals and repair shops that they provide to their own repair teams.
But Oregon’s bill goes further, preventing companies from implementing schemes that require parts to be verified through encrypted software checks before they will function. That practice is known as parts pairing or serialization, and Oregon’s bill, SB 1596, is the first in the nation to target it. Oregon State Senator Janeen Sollman (D) and Representative Courtney Neron (D) sponsored and pushed the bill in the state senate and legislature.
“By eliminating manufacturer restrictions, the Right to Repair will make it easier for Oregonians to keep their personal electronics running,” said Charlie Fisher, director of Oregon’s chapter of the Public Interest Research Group (PIRG), in a statement. “That will conserve precious natural resources and prevent waste. It’s a refreshing alternative to a ‘throwaway’ system that treats everything as disposable.”
Oregon’s bill isn’t stronger in every regard. For one, there is no set number of years for a manufacturer to support a device with repair support. Parts pairing is prohibited only on devices sold in 2025 and later. And there are carve-outs for certain kinds of electronics and devices, including video game consoles, medical devices, HVAC systems, motor vehicles, and—as with other states—“electric toothbrushes.”
Apple opposed the Oregon repair bill for its parts-pairing ban. John Perry, a senior manager for secure design at Apple, testified at a February hearing in Oregon that the pairing restriction would “undermine the security, safety, and privacy of Oregonians by forcing device manufacturers to allow the use of parts of unknown origin in consumer devices.”
Apple surprised many observers with its support for California’s repair bill in 2023, though it did so after pressing for repair providers to mention when they use “non-genuine or used” components, and to bar repair providers from disabling security features.
According to Consumer Reports, which lobbied and testified in support of Oregon’s bill, the repair laws passed in four states now cover nearly 70 million people.
Many devices have been made difficult or financially nonviable to repair, whether by design or because of a lack of parts, manuals, or specialty tools. Machines that make ice cream, however, seem to have a special place in the hearts of lawmakers. Those machines are often broken and locked down for only the most profitable repairs.
The Federal Trade Commission and the antitrust division of the Department of Justice have asked the US Copyright Office (PDF) to exempt “commercial soft serve machines” from the anti-circumvention rules of Section 1201 of the Digital Millennium Copyright Act (DMCA). The governing bodies also submitted proprietary diagnostic kits, programmable logic controllers, and enterprise IT devices for DMCA exemptions.
“In each case, an exemption would give users more choices for third-party and self-repair and would likely lead to cost savings and a better return on investment in commercial and industrial equipment,” the joint comment states. Those markets would also see greater competition in the repair market, and companies would be prevented from using DMCA laws to enforce monopolies on repair, according to the comment.
The joint comment builds upon a petition filed by repair vendor and advocate iFixit and interest group Public Knowledge, which advocated for broad reforms while keeping a relatable, ingestible example at its center. McDonald’s soft serve ice cream machines, which are famously frequently broken, are supplied by industrial vendor Taylor. Taylor’s C709 Soft Serve Freezer requires lengthy, finicky warm-up and cleaning cycles, produces obtuse error codes, and, perhaps not coincidentally, costs $350 per 15 minutes of service for a Taylor technician to fix. iFixit tore down such a machine, confirming the lengthy process between plugging in and soft serving.
After one company built a Raspberry Pi-powered device, the Kytch, that could provide better diagnostics and insights, Taylor moved to ban franchisees from installing the device, then offered up its own competing product. Kytch has sued Taylor for $900 million in a case that is still pending.
Beyond ice cream, the petitions to the Copyright Office would provide more broad exemptions for industrial and commercial repairs that require some kind of workaround, decryption, or other software tinkering. Going past technological protection measures (TPMs) was made illegal by the 1998 DMCA, which was put in place largely because of the concerns of media firms facing what they considered rampant piracy.
Every three years, the Copyright Office accepts petitions for exemptions to the DMCA’s anti-circumvention rules (and for renewal of prior exemptions). Repair advocates have won exemptions for farm equipment repair, video game consoles, cars, and certain medical gear. The exemption is often granted for device fixing if a repair person can work past its locks, but not for the distribution of tools that would make such a repair far easier. The esoteric nature of such “release valve” offerings has led groups like the EFF to push for the DMCA’s abolishment.
DMCA exemptions occur on a parallel track to state right-to-repair bills and broader federal action. President Biden issued an executive order that included a push for repair reforms. The FTC has issued studies that call out unnecessary repair restrictions and has taken action against firms like Harley-Davidson, Westinghouse, and grill maker Weber for tying warranties to an authorized repair service.
Disclosure: Kevin Purdy previously worked for iFixit. He has no financial ties to the company.
Oregon has joined the small but growing list of states that have passed right-to-repair legislation. Oregon’s bill stands out for a provision that would prevent companies from requiring that official parts be unlocked with encrypted software checks before they will fully function.
Bill SB 1596 passed Oregon’s House by a 42 to 13 margin. Gov. Tina Kotek has five days to sign the bill into law. Consumer groups and right-to-repair advocates praised the bill as “the best bill yet,” while the bill’s chief sponsor, state Sen. Janeen Sollman (D), pointed to potential waste reductions and an improved second-hand market for closing a digital divide.
“Oregon improves on Right to Repair laws in California, Minnesota and New York by making sure that consumers have the choice of buying new parts, used parts, or third-party parts for the gadgets and gizmos,” said Gay Gordon-Byrne, executive director of Repair.org, in a statement.
Like bills passed in New York, California, and Minnesota, Oregon’s bill requires companies to offer the same parts, tools, and documentation to individual and independent repair shops that are already offered to authorized repair technicians.
Unlike other states’ bills, however, Oregon’s bill doesn’t demand a set number of years after device manufacture for such repair implements to be produced. That suggests companies could effectively close their repair channels entirely rather than comply with the new requirements. California’s bill mandated seven years of availability.
If signed, the law’s requirements for parts, tools, and documentation would apply to devices sold after 2015, except for phones, which are covered after July 2021. The prohibition against parts pairing only covers devices sold in 2025 and later. Like other repair bills, a number of device categories are exempted, including video game consoles, HVAC and medical gear, solar systems, vehicles, and, very specifically, “Electric toothbrushes.”
Apple had surprised many with its support for California’s repair bill. But the company, notable for its pairing requirements for certain repair parts, opposed Oregon’s repair bill. John Perry, a senior manager for secure design at Apple, testified at an Oregon hearing that the pairing restriction would “undermine the security, safety, and privacy of Oregonians by forcing device manufacturers to allow the use of parts of unknown origin in consumer devices.”
Perry also noted Apple’s improved repair workflow, which no longer requires online access or a phone call to pair parts. Apple devices will still issue notifications and warnings if an unauthorized screen or battery, for example, is installed in an iPhone.
Chromebooks and MacBooks are among the least repairable laptops around, according to an analysis that consumer advocacy group US Public Interest Research Group (PIRG) shared this week. Apple and Google have long been criticized for selling devices that are deemed harder to repair than others. Worse, PIRG believes that the two companies are failing to make laptops easier to take apart and fix.
The “Failing the Fix (2024)” report released this week [PDF] is largely based on the repairability index scores required of laptops and some other electronics sold in France. However, the PIRG’s report weighs disassembly scores more than the other categories in France’s index, like the availability and affordability of spare parts, “because we think this better reflects what consumers think a repairability score indicates and because the other categories can be country specific,” the report says.
PIRG’s scores, like France’s repair index, also factor in the availability of repair documents and product-specific criteria (the PIRG’s report also looks at phones). For laptops, those criteria include providing updates and the ability to reset software and firmware.
PIRG also docked companies for participating in trade groups that fight against right-to-repair legislation and if OEMs failed to “easily provide full information on how they calculated their products.”
Chromebooks, MacBooks lag in repairability
PIRG examined 139 laptop models and concluded that Chromebooks, “while more affordable than other devices, continue to be less repairable than other laptops.” This was largely due to the laptops having a lower average disassembly score (14.9) than the other laptops (15.2).
The report looked at 10 Chromebooks from Acer, Asus, Dell, and HP and gave Chromebooks an average repair score of 6.3 compared to 7.0 for all other laptops. It said:
Both of these lower averages indicate that while often considered an affordable choice for individuals or schools, Chromebooks are on average less repairable than other laptops.
Google recently extended Chromebook support from eight years to 10 years. PIRG’s report doesn’t factor in software support timelines, but even if it did, Chromebooks’ repairability score wouldn’t increase notably since the move only brought them to “industry norms,” Lucas Gutterman, Designed to Last campaign director for the US PIRG Education Fund, told me.
He added, though, that the current “norm” should improve.
At the very least, if it’s no longer financially viable for manufacturers to maintain support, they should allow the community to continue to maintain the software or make it easy to install alternative operating systems so we can keep our laptops from getting junked.
Turning to its breakdown of non-ChromeOS laptops, PIRG ranked Apple laptops the lowest in terms of repairability with a score of D, putting it behind Asus, Acer, Dell, Microsoft, HP, and Lenovo. In this week’s report, Apple got the lowest average disassembly score out of the OEMs (4 out of 10 compared to the 7.3 average).
Europe’s right-to-repair rules will force vendors to stand by their products an extra 12 months after a repair is made, according to the terms of a new political agreement.
Consumers will have a choice between repair and replacement of defective products during a liability period that sellers will be required to offer. The liability period is slated to be a minimum of two years before any extensions.
“If the consumer chooses the repair of the good, the seller’s liability period will be extended by 12 months from the moment when the product is brought into conformity. This period may be further prolonged by member states if they so wish,” a European Council announcement on Friday said.
The 12-month extension is part of a provisional deal between the European Parliament and Council on how to implement the European Commission’s right-to-repair directive that was passed in March 2023. The Parliament and Council still need to formally adopt the agreement, which would then come into force 20 days after it is published in the Official Journal of the European Union.
“Once adopted, the new rules will introduce a new ‘right to repair’ for consumers, both within and beyond the legal guarantee, which will make it easier and more cost-effective for them to repair products instead of simply replacing them with new ones,” the European Commission said on Friday.
Rules prohibit “barriers to repair”
The rules require spare parts to be available at reasonable prices, and product makers will be prohibited from using “contractual, hardware or software related barriers to repair, such as impeding the use of second-hand, compatible and 3D-printed spare parts by independent repairers,” the Commission said.
The newly agreed-upon text “requires manufacturers to make the necessary repairs within a reasonable time and, unless the service is provided for free, for a reasonable price too, so that consumers are encouraged to opt for repair,” the European Council said.
There will be required options for consumers to get repairs both before and after the minimum liability period expires, the Commission said:
When a defect appears within the legal guarantee, consumers will now benefit from a prolonged legal guarantee of one year if they choose to have their products repaired.
When the legal guarantee has expired, the consumers will be able to request an easier and cheaper repair of defects in those products that must be technically repairable (such as tablets, smartphones but also washing machines, dishwashers, etc.). Manufacturers will be required to publish information about their repair services, including indicative prices of the most common repairs.
The overarching goal as stated by the Commission is to overcome “obstacles that discourage consumers to repair due to inconvenience, lack of transparency or difficult access to repair services.” To make finding repair services easier for users, the Council said it plans a European-wide online platform “to facilitate the matchmaking between consumers and repairers.”
Of all the PC-related things to come out of CES this year, my favorite wasn’t Nvidia’s graphics cards or AMD’s newest Ryzens or Intel’s iterative processor refreshes or any one of the oddball PC concept designs or anything to do with the mad dash to cram generative AI into everything.
No, of all things, the thing that I liked the most was this Crucial-branded memory module spotted by Tom’s Hardware. If it looks a little strange to you, it’s because it uses the Compression Attached Memory Module (CAMM) standard—rather than being a standard stick of RAM that you insert into a slot on your motherboard, it lies flat against the board where metal contacts on the board and the CAMM module can make contact with one another.
CAMM memory has been on my radar for a while, since it first cropped up in a handful of Dell laptops. It was mistakenly identified at the time as a proprietary type of RAM that would give Dell an excuse to charge more for it, but Dell has been pushing for the standardization of CAMM modules for a couple of years now, and JEDEC (the organization that handles all current computer memory standards) formally finalized the spec last month.
Something about seeing an actual in-the-wild CAMM module with a Crucial sticker on it, the same kind of sticker you’d see on any old memory module from Amazon or Newegg, made me more excited about the standard’s future. I had a similar feeling when I started digging into USB-C or when I began seeing M.2 modules show up in actual computers (though CAMM would probably be a bit less transformative than either). Here’s a thing that solves some real problems with the current technology, and it has the industry backing to actually become a viable replacement.
From upgradable to soldered (and back again?)
It used to be easy to save some money on a new PC by buying a version without much RAM and performing an upgrade yourself, using third-party RAM sticks that cost a fraction of what manufacturers would charge. But most laptops no longer afford you the luxury.
Most PC makers and laptop PC buyers made an unspoken bargain in the early- to mid-2010s, around when the MacBook Air and the Ultrabook stopped being special thin-and-light outliers and became the standard template for the mainstream laptop: We would jettison nearly any port or internal component in the interest of making a laptop that was thinner, sleeker, and lighter.
The CD/DVD drive was one of the most immediate casualties, though its demise had already been foreshadowed thanks to cheap USB drives, cloud storage, and streaming music and video services. But as laptops got thinner, it also gradually became harder to find Ethernet and most other non-USB ports (and, eventually, even traditional USB-A ports), space for hard drives (not entirely a bad thing, now that M.2 SSDs are cheap and plentiful), socketed laptop CPUs, and room for other easily replaceable or upgradable components. Early Microsoft Surface tablets were some of the worst examples of this era of computer design—thin sandwiches of glass, metal, and glue that were difficult or impossible to open without totally destroying them.
Another casualty of this shift was memory modules, specifically Dual In-line Memory Modules (DIMMs) that could be plugged into a socket on the motherboard and easily swapped out. Most laptops had a pair of SO-DIMM slots, either stacked on top of each other (adding thickness) or placed side by side (taking up valuable horizontal space that could have been used for more battery).
Eventually, these began to go away in favor of soldered-down memory, saving space and making it easier for manufacturers to build the kinds of MacBook Air-alikes that people wanted to buy, but also adding a point of failure to the motherboard and possibly shortening its useful life by setting its maximum memory capacity at the outset.
Apple today expanded the Self Service Repair program it launched in April to include access to Apple’s diagnostics tool online and the iPhone 15 series and M2 Macs.
The online tool, Apple said in today’s announcement, provides “the same ability as Apple Authorized Service Providers and Independent Repair Providers to test devices for optimal part functionality and performance, as well as identify which parts may need repair.” The troubleshooting tool is only available in the US and will hit Europe in 2024, according to Apple.
Upon visiting the tool’s website, you’ll be prompted to put your device in diagnostic mode before entering the device’s serial number. Then, you’ll have access to a diagnostic suite, including things like a mobile resource inspector for checking software and validating components’ presence, testing for audio output and “display pixel anomalies,” and tests for cameras and Face ID.
Apple’s support page says the tests may “help isolate issues, investigate whether a part needs to be replaced, or verify that a repair has been successfully completed.”
The tool requires iOS 17.0 or macOS Sonoma 14.1 and later.
Apple’s Self Service Repair program relies on parts pairing, though, and critics say this limits the tools’ effectiveness. Self-repair activist iFixit has been vocal about its disagreement with Apple’s use of the practice since the tech giant launched its self-repair program. iFixit has argued that parts serialization limits the usage of third-party parts. In September, iFixit CEO Kyle Wiens called parts pairing “a serious threat to our ability to fix the things we own,” noting that Apple may be seeking to strong-arm a favorable customer experience but that it’s costing us the environment and “ownership rights.”
In a statement to Ars Technica today, Wiens expressed further disappointment with Apple’s parts serialization:
Apple still has a long way to go to create a robust repair ecosystem, including ending their repair-hostile parts pairing system. This software tool clearly illuminates the problems we’ve identified with parts pairing, where the diagnostic tool fails to recognize the ambient light sensor in a new part we’ve installed.
Users of Apple M2-based MacBook Pro and MacBook Air laptops, as well as the Mac Mini, Pro, and Studio, are now all included in the program, which gives customers access to tools, parts, and manuals previously only accessible by Apple and authorized repair partners. Customers can also rent tool repair kits, although they, too, have been criticized for their bulkiness and limited rental period.
Since launching its repair program, though, Apple has made a turnabout with user repairability, even if it’s still flawed. With the latest additions, Apple’s program now supports 35 products. The company has also become an unexpected proponent for state and national right-to-repair bills. And it’s simplified repairs via its Self Service Repair program—somewhat—by no longer requiring fixers to call Apple upon repair completions. People can instead verify repairs and update firmware with the System Configuration post-repair software tool. Today, Apple also announced bringing the program to 24 new European countries, bringing the program’s total to 33 countries.
Apple still says its repair program is best reserved for people who are experienced with electronics repairs.
An unusual right-to-repair drama is disrupting railroad travel in Poland despite efforts by hackers who helped repair trains that allegedly were designed to stop functioning when serviced by anyone but Newag, the train manufacturer.
Members of an ethical hacking group called Dragon Sector, including Sergiusz Bazański and Michał Kowalczyk, were called upon by a train repair shop, Serwis Pojazdów Szynowych (SPS), to analyze train software in June 2022. SPS was desperate to figure out what was causing “mysterious failures” that shut down several vehicles owned by Polish train operator the Lower Silesian Railway, Polish infrastructure trade publication Rynek Kolejowy reported. At that point, the shortage of trains had already become “a serious problem” for carriers and passengers, as fewer available cars meant shorter trains and reduced rider capacity, Rynek Kolejowy reported.
Dragon Sector spent two months analyzing the software, finding that “the manufacturer’s interference” led to “forced failures and to the fact that the trains did not start,” and concluding that bricking the trains “was a deliberate action on Newag’s part.”
According to Dragon Sector, Newag entered code into the control systems of Impuls trains to stop them from operating if a GPS tracker indicated that the train was parked for several days at an independent repair shop.
The trains “were given the logic that they would not move if they were parked in a specific location in Poland, and these locations were the service hall of SPS and the halls of other similar companies in the industry,” Dragon Sector’s team alleged. “Even one of the SPS halls, which was still under construction, was included.”
The code also allegedly bricked the train if “certain components had been replaced without a manufacturer-approved serial number,” 404 Media reported.
In a statement, Newag denied developing any so-called “workshop-detection” software that caused “intentional failures” and threatened to sue Dragon Sector for slander and for violating hacking laws.
“Hacking IT systems is a violation of many legal provisions and a threat to railway traffic safety,” Newag said, insisting that the hacked trains be removed from use because they now pose alleged safety risks. Newag’s safety claims are still unsubstantiated, 404 Media reported.
“We categorically deny and negate Newag’s uploading of any functionality in vehicle control systems that limits or prevents the proper operation of vehicles, as well as limiting the group of entities that can provide maintenance or repair services,” Newag’s statement said. According to Newag, Dragon Sector’s report shouldn’t be trusted because it was commissioned by one of Newag’s biggest competitors.
Dragon Sector maintains that the evidence supports its conclusions. Bazański posted on Mastodon that “these trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.” In some cases, Bazański wrote, Newag “appeared to be able to lock the train remotely.”
Newag has said that “any remote intervention” is “virtually impossible.”
Lawsuit threats fail to silence hackers
Dragon Sector got the trains running after discovering “an undocumented ‘unlock code’ which you could enter from the train driver’s panel which magically fixed the issue,” Dragon Sector’s team told 404 Media.
Newag has maintained that it has never and will never “introduce into the software of our trains any solutions that lead to intentional failures.”
“We do not know who interfered with the train control software, using what methods and what qualifications,” Newag said. “We also notified the Office of Rail Transport about this so that it could decide to withdraw from service the sets subjected to the activities of unknown hackers.”
Dragon Sector and SPS have denied interfering with the train’s control systems.
While Newag has contacted authorities to investigate the hacking, Janusz Cieszyński, Poland’s former minister of digital affairs, posted on X that the evidence appears to weigh against Newag.
“The president of Newag contacted me,” Cieszyński wrote. “He claims that Newag fell victim to cybercriminals and it was not an intentional action by the company. The analysis I saw indicated something else, but for the sake of clarity, I will write about everything.”
Newag president Zbigniew Konieczek said that “no evidence was provided that our company intentionally installed the faulty software. In our opinion, the truth may be completely different—that, for example, the competition interfered with the software.”
Konieczek also accused Cieszyński of disseminating “false and highly harmful information about Newag.”
404 Media noted that Newag appeared to be following a common playbook in the right-to-repair world where manufacturers intimidate competitor repair shops with threatened lawsuits and unsubstantiated claims about safety risks of third-party repairs. So far, Dragon Sector does not appear intimidated, posting its success on YouTube and discussing its findings at Poland’s Oh My H@ck conference in Warsaw. The group is also planning “a more detailed presentation” for the 37th Chaos Communication Congress in Hamburg, Germany, at the end of December, The Register reported.
Because of the evidence gathered during their analysis, the Dragon Sector team has doubts about whether Newag will actually follow through with the lawsuit.
“Their defense line is really poor, and they would have no chance defending it,” Kowalczyk told 404 Media. “They probably just want to sound scary in the media.”