cross-posted from: https://lemmy.sdf.org/post/45485021

Archived

Authorities in two countries in northern Europe and Australia have voiced concern that a Chinese supplier of electric buses may have the capacity to remotely deactivate them.

Transport officials in Norway and Denmark are investigating the apparent “security loophole” in hundreds of buses, according to a report by The Guardian this week, following news that the supplier of Yutong buses “had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit.”

Norwegian public transport operator Ruter published test results last week that showed the bus-maker Yutong Group had access to buses’ control systems for software updates and diagnostics on the model they tested.

[…]

Ruter found that remote deactivation could be prevented if SIM cards in the buses were removed, but they had not done this yet, as it would also disconnect the bus from other systems. They are now seeking help from national authorities and stricter security requirements for any procurements in the future.

[…]

“This is not a Chinese bus problem. It is a problem for all types of vehicles and devices with Chinese electronics built in,” said [Jeppe Gaard, the chief operating officer for Movia, Denmark’s largest public transport company].

[…]

Alaistair MacGibbon, a former head of the Australian Cyber Security Centre, was quoted as telling ABC News that all “connected” vehicles, such as electric vehicles, require constant connectivity with manufacturers who have access to microphones, cameras, and GPS devices.

“The problem is, of course, that if a company is domiciled in China, they obviously come under the lawful direction of the CCP [Chinese Communist Party].”

[…]