Investigation launched after discovery that Chinese supplier had remote access to vehicles’ control systems

Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated.

The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit

  • randomname@scribe.disroot.orgEnglish
    1·
    4 days ago

    No, this is not a ‘Chinese’ problem, but as a European I would rather have this problem with a European supplier than with a Chinese supplier for having control over the trains on the continent (or my car, or any technology).

    • poVoq@slrpnk.netMEnglish
      0·
      4 days ago

      I don’t see how that makes a big difference. As the Polish example clearly shows, the laws right now are inadequate to deal with this and it took 3rd party hackers to reverse-engineer it after the company extorted significant amounts of money from the operator to re-enable the trains. And the icing on the cake is that now these hackers are in court, not the company.

      And from an IT security perspective, it doesn’t matter much to an attacker if the remote operated backdoor to shut down these busses is put there by a Chinese or European company (which would likely be using Chinese tech for that anyways).

      • randomname@scribe.disroot.orgEnglish
        1·
        4 days ago

        it doesn’t matter much to an attacker if the remote operated backdoor to shut down these busses is put there by a Chinese or

        It does matter, one major reason being that the European supplier operates under European jurisdictions and is easier to be held accountable.

        European company (which would likely be using Chinese tech for that anyways).

        Wherever that’s the case, it must apparently be changed, one major reason being national security (the same reason why China is blocking European and other non-Chinese vendors in its domestic markets, btw).

        [Edit typo.]

        • poVoq@slrpnk.netMEnglish
          0·
          4 days ago

          Accountable based on what laws? The real issue is that these things are perfectly legal regardless of who does it and that there is also almost no way to hold a supplier accountable for software security breaches (besides the fact that it is too late then anyways).

          • randomname@scribe.disroot.orgEnglish
            1·
            4 days ago

            Accountable based on what laws?

            On the laws we have in European democracies that can be changed and adapted as needed (unlike in China, where this can’t be done).