Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated.
The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit
Over the air updates and remote diagnostics are both things that are sold as features and are often even requested by the transportation companies.
To be honest I am a bit surprised that they are surprised this exists.
To be completely honest: there are even ECE regulations regarding software updates over the air.
This is nothing new and nothing special. Almost all vehicles these days are connected to their manufacturer.
Also regarding deactivating this „feature“. It is usually quite simple, just unplug the connectivity ECU.
To be honest I am a bit surprised that they are surprised this exists.
Guess they didn’t request this feature. Not this way at least
wait until you hear how chinese manufacturers can turn off at least half of our solar infrastructure on a whim.
must be hard to whitelist their own system, and blacklist outside data
I wonder how this procurement was done, and who was responsible. Obviously, they never really checked the buses for security issues, or they where wrongly informed. How much will this investigation and updates cost, and would with hindsight, a different choice have been better and cheaper? If so, someone in procurement has been swayed, bought-off or was very misguided.
