Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated.
The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit.
Their investigations found that remote deactivation could be prevented by removing the buses’ sim cards, but they decided against this because it would also disconnect the bus from other systems.
Yes an over the air update without being in maintenance mode should not happen in any vehicle. In fact, I think there should be a hardware switch to prevent this.
The simplest solution is to just restrict software updates to direct physical access, and put the USB port or whatever behind a locked service panel.
If the software can’t be infiltrated remotely, then there won’t be any security issues that are so urgent they need to be patched in the middle of a shift, they can wait for a maintenance stop.