Norway: Chinese-made electric buses have major security flaw, can be remotely stopped and disabled by their manufacturer in China, Oslo operator says

The public transport operator in Norway’s capital said Tuesday that some electric buses from China have a serious flaw – software that could allow the manufacturer, or nefarious actors, to take control of the vehicle.

Oslo’s transport operator Ruter said they had tested two electric buses this summer – one built by China’s Yutong and the other by Dutch firm VDL.

The Chinese model featured a SIM card that allowed the manufacturer to remotely install software updates that made it vulnerable, whereas the Dutch model did not.

“We’ve found that everything that is connected poses a risk – and that includes buses,” Ruter director Bernt Reitan Jenssen told public broadcaster NRK.

“There is a risk that for example suppliers could take control, but also that other players could break into this value chain and influence the buses.”

Ruter said it was now developing a digital firewall to guard against the issue.

According to other reports, the Chinese manufacturer has access to each bus’s software updates, diagnostics, and battery control systems. “In theory, the bus could therefore be stopped or rendered unusable by the manufacturer,” the company said.

Ruter has reported its findings to Norway’s Ministry of Transport and Communications.

Arild Tjomsland, a special advisor at the University of South-Eastern Norway who helped conduct the tests, said: “The Chinese bus can be stopped, turned off, or receive updates that can destroy the technology that the bus needs to operate normally.”

[…]

  • Mihies@programming.dev
    33 upvotes · 20 hours ago

    It’s mind-boggling that the EU allows communication from/to vehicles and appliances (without opt-in?) and without a hardware switch that disables all communication in the first place.

    • SaveTheTuaHawk@lemmy.ca
      3 upvotes · 16 hours ago

      I had a Ford (complete POS) that could only get software upgrades by USB stick, files downloaded.

      • Hotznplotzn@lemmy.sdf.orgOP
        5 upvotes, 2 downvotes · 14 hours ago

        @raspberriesareyummy@lemmy.world

        they force it on new vehicles. Fascist pieces of shit that our EU overlords are.

        As the article says:

        The Chinese model featured a SIM card that allowed the manufacturer to remotely install software updates that made it vulnerable, whereas the Dutch model did not.

      • nibbler@discuss.tchncs.de
        9 upvotes · 18 hours ago

        I thought so, too. But can’t find any sources on that.

        There are mandatory black boxes to record telemetry to reconstruct accidents, but those are not (at least not necessarily) online. Automatic emergency calls are mandatory if an accident is detected. This forces “online tech” into the car but is by no means what is discussed here. Factually I guess most European cars are “always online” but it’s their own choice.

        • raspberriesareyummy@lemmy.world
          5 upvotes, 6 downvotes · 18 hours ago

          See my reply to the other comment. The moment there is no hardware kill-switch for it, you can be sure the fuckers will track our every step. Eventually they’ll probably sell the data to insurers or worse…

      • Mihies@programming.dev
        5 upvotes · 19 hours ago

        I wouldn’t be surprised and I’m curious, do you have any reference to EU forcing communications?

        • raspberriesareyummy@lemmy.world
          12 upvotes, 3 downvotes · edited · 18 hours ago

          https://www.everythingrf.com/community/what-is-ng-ecall

          NG eCall support will be mandatory across the EU for all new vehicles from January 1, 2026, as the automotive industry and PSAPs have until January 2026 to support NG-eCall. From 2027 manufacturers will be unable to sell vehicles that are incompatible with NG-eCall.

          I hate these totalitarian pieces of garbage so much…

          For clarification: this will mean sim cards in each vehicle with full GPS tracking data of us being available 24/7 to the fascist overlords.

          • mjr@infosec.pub
            4 upvotes, 3 downvotes · 18 hours ago

            Well, that cites the standards, but only asserts that all vehicles must comply. Can anyone say which law requires it?

            In other words, CitationRequired still.