Norway: Chinese-made electric buses have major security flaw, can be remotely stopped and disabled by their manufacturer in China, Oslo operator says
The public transport operator in Norway’s capital said Tuesday that some electric buses from China have a serious flaw – software that could allow the manufacturer, or nefarious actors, to take control of the vehicle.
Oslo’s transport operator Ruter said they had tested two electric buses this summer – one built by China’s Yutong and the other by Dutch firm VDL.
The Chinese model featured a SIM card that allowed the manufacturer to remotely install software updates that made it vulnerable, whereas the Dutch model did not.
“We’ve found that everything that is connected poses a risk – and that includes buses,” Ruter director Bernt Reitan Jenssen told public broadcaster NRK.
“There is a risk that for example suppliers could take control, but also that other players could break into this value chain and influence the buses.”
Ruter said it was now developing a digital firewall to guard against the issue.
According to other reports, the Chinese manufacturer has access to each bus’s software updates, diagnostics, and battery control systems. “In theory, the bus could therefore be stopped or rendered unusable by the manufacturer,” the company said.
Ruter has reported its findings to Norway’s Ministry of Transport and Communications.
Arild Tjomsland, a special advisor at the University of South-Eastern Norway who helped conduct the tests, said: “The Chinese bus can be stopped, turned off, or receive updates that can destroy the technology that the bus needs to operate normally.”
[…]
In other news: There are trees in the forest.
trees are supposed to be there, this is not. While this is very expected, anything we can do to avoid normalizing it would be great.
This stuff is normal in China. It‘s just reality. Don‘t buy Chinese EVs if you want secure infrastructure. Even when they don‘t have bad intentions (at the moment) they can interrupt or even break things accidentally. Many people who own a Bambu 3D printer know what I mean. You just don‘t own these things when you buy them.
that advice is worth shit when public transport is replaced with that, and when those vehicles will be on the same roads as normal offline vehicles
What offline vehicles? The ones from the 70s or 80s where parts are gotten from scrap yards or not at all?
I don’t know how did you get that number. i mean like those from before 2010, probably even 2015.
https://themotorguy.com/a-historical-perspective-when-cars-first-got-computers/
the problem is not computerized cars. who the fuck cares. there was a long period of computerized cars without any kind of internet connectivity.
I think I put it clearly 2 comments ago.
Other than China anyone with the knowledge could theoretically hacks the system and make bank on a ransom
Equating a car to a 3d printer is certainly a take.
It‘s referencing an incident where Bambu printers suddenly stopped the current print job globally due to an issue, proving that Bambu can indeed remote control their hardware.
People like you make it worse. It’s clearly stated that they have an alternative, the VDL model does not have the same vulnerability. This is a good thing, and bringing publicity to the issue raises awareness about it for other people. You handwaving and normalising it just makes it more socially acceptable when it shouldn’t be.
How do I make it worse? Please explain. I think I was clearly in favor of this alternative when I wrote that comment. I don‘t understand where that „normalizing“ is coming from. It is normal for Chinese products to behave this way. We know this in part because of tests like this one. I don‘t think I implied that‘s a bad thing at all, but the results should be hardly surprising to anyone at this point.
I see. Your initial comment was short, and gave the impression you were referring to the state of things in general, not the Chinese products in particular. Hence why it comes across as ‘normalising’. It’s clear now that’s not what you meant, but it wasn’t before.
On a side note, it’s not Chinese-specific behaviour. If anything, American companies tend to be the biggest offenders of the enshittification process. Though TBF, there are bad actors from every country.