Norway has uncovered hidden remote-access features in Chinese-made Yutong electric buses, allowing potential remote shutdowns from abroad. This discovery by operator Ruter has triggered a nationwide cybersecurity review, highlighting supply chain vulnerabilities in public transport and prompting stricter security measures across Europe.

cross-posted from: https://scribe.disroot.org/post/5486763

Archived version

In a revelation that has sent shockwaves through Europe’s public transportation sector, Norwegian authorities have uncovered hidden remote-access capabilities in electric buses manufactured by Chinese company Yutong. These features, including concealed SIM cards and software backdoors, allow for potential remote shutdowns from abroad, prompting an urgent review of cybersecurity protocols in critical infrastructure.

The discovery came during routine security tests conducted by Ruter, Oslo’s public transport operator, on a fleet of newly acquired Yutong buses. According to reports, the buses contain embedded systems that enable remote diagnostics, software updates, and even control over battery and power systems—capabilities that could theoretically halt operations from thousands of miles away in China.

This incident highlights growing concerns over supply chain vulnerabilities in the era of connected vehicles, where electric buses represent a key component of sustainable urban mobility. Industry experts warn that such hidden features could be exploited not just by manufacturers but by malicious actors, raising alarms about national security in an increasingly digitized transport landscape.

Details emerged from a security audit initiated after Ruter tested the buses’ connectivity features. As reported by Scandasia, hidden remote-access SIM cards were found, allowing unauthorized external control. “We have identified risks related to remote access that could potentially affect the operation of the buses,” a Ruter spokesperson stated in the article.

Broader Implications for Transport Security

Norway’s case is not isolated. Similar concerns have surfaced in other sectors, but this marks a significant escalation in public transport. According to Cybernews, the remote control extends to the buses’ diagnostics module and battery systems, potentially allowing for mass disruptions.

The Norwegian government, as detailed in a report by Anadolu Ajansı, is now reviewing cybersecurity risks across all public transport assets. “Manufacturer access allows buses to be stopped from China,” Ruter confirmed, prompting immediate action to mitigate threats.

Industry insiders point to this as a wake-up call for Europe. A recent article in Focus on Travel News noted that Norway is investigating these buses after finding they can be remotely accessed, raising broader concerns about foreign-made critical infrastructure.

  • AlexLost@lemmy.worldEnglish
    34·
    19 hours ago

    Guess what folks. I will bet with 100% certainty that all electric vehicles have this feature/glitch and people are only scared because China won’t share their data with them. Sino Panic much?!

    • randomname@scribe.disroot.orgOPEnglish
      21·
      9 hours ago

      @[email protected]

      You lost your bet. The Norwegians also tested a Dutch model, and it hasn’t had that feature.

      That aside, China is not exactly among the countries with the friendliest governments. It should be clear that no one can want someone else to have control over its infrastructure. And, yes, China is not the only problem. The point is that here in the Lemmyverse you can criticize everyone, but if you criticize China there comes some whataboutism.

    • Evotech@lemmy.worldEnglish
      3·
      19 hours ago

      They tested all their buses. Only this one had it.

      Not the Dutch ones for instantce

      • AlexLost@lemmy.worldEnglish
        22·
        12 hours ago

        Because the Dutch guys could turn them off so it’s not a problem to them? I’m just throwing shit at the wall here. I have zero clue, just sounds like more anti China propaganda?! I’m just some chump from Canada fyi.