Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated.

The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit.

Their investigations found that remote deactivation could be prevented by removing the buses’ SIM cards, but they decided against this because it would also disconnect the bus from other systems.

  • Jumuta@sh.itjust.works
    10 hours ago

    > the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems

    this feels like what every tech company is doing nowadays?

    • Someonelol@lemmy.dbzer0.com
      9 hours ago

      We used to have vehicles that didn’t need over the air updates for over a century. If they had a problem then a technician could simply perform an onsite diagnostic. Why the hell are we keeping them in a network like they’re computers or no longer supported IoT dongles?

      • tornavish@lemmy.cafe
        9 hours ago

        Location tracking, diagnostics, statistics, security, etc. It’s not a bad idea… for a bus. Less desirable IMO for a personal car.

        The issue is that the manufacturer, or any third party, just has full access. Specifically China, who has a long history of being shady in tech.

        Anything government related should really be on a closed system, even if it’s “wireless”.

        • monogram@feddit.nl
          9 hours ago

          All of this stuff could be open source and hardware verifiable with Arduinos but no, let’s outsource it to China

        • NaibofTabr@infosec.pub
          9 hours ago

          > Location tracking, diagnostics, statistics, security, etc. It’s not a bad idea… for a bus.

          There’s no good reason for any of that to be updated while the bus is on the road. It should be done at a service location.

          • tornavish@lemmy.cafe
            6 hours ago

            Yes, an over-the-air update without being in maintenance mode should not happen in any vehicle. In fact, I think there should be a hardware switch to prevent this.

            • NaibofTabr@infosec.pub
              2 hours ago

              The simplest solution is to just restrict software updates to direct physical access, and put the USB port or whatever behind a locked service panel.

              If the software can’t be infiltrated remotely, then there won’t be any security issues that are so urgent they need to be patched in the middle of a shift; they can wait for a maintenance stop.

          • frongt@lemmy.zip
            9 hours ago

            The good reason is that this way, they can click a button and push the update to hundreds of buses at once, instead of having to have them all come in one by one. That’s a huge number of man-hours.