I do worry if they are adding this to buses what are they doing to MacBooks and your phone? Do people here think these devices are compromised or should we take Apple’s word for it!?
All I can say is that shivers go down my spine what could happen if one of those OEM's that have remote updates possible would get their keys compromised. You could brick hundreds of thousands of vehicles. I would be scared shitless to store those things.
If your transport is accessible remotely, it can be hacked remotely.
This reminds me of that story about Polish Trains. In that case GPS was used to execute a kill code.
https://social.hackerspace.pl/@q3k/111528162462505087
So... did the Chinese company put Romanian SIMs in the busses? Or was it an importer that installed those? Are there fleet management features enabled by that connectivity or are they actually secret?
Also, why would they purchase busses that they thought couldn't be remotely monitored or controlled?! That seems like a very valuable feature for public transport.
I work in rail safety. Two major non-Chinese train companies attempted to merge a few years ago, explicitly to build a company that could compete with China's national company, and provide safer alternatives to state-sponsored cyberhacking of Western rail.
It fell down to an anti-monopoly decision by a single person in the EU ministry, who killed the proposal. Several attempts were made to streamline the merger, but she wouldn't budge.
As a result, CRCC continues to win contracts abroad, largely (it is believed) by undercutting competition. IP theft is known to be one objective of their at-loss or low-profit contracts (I've been involved in fighting that, specifically).
It's hardly a stretch to imagine that having control of the rail in countries that might oppose you militarily is strategically huge.
This article is about busways, but the parallels are obvious.
>The transport operator stressed there is no evidence of misuse but said the discovery moves concerns “from suspicion to concrete knowledge”. (...) The case comes as Chinese electric buses are increasingly adopted across global markets,
If a state wants to hide strategic "war/espionage" control, they don't use eSims and open mobile communications, trivially discoverable and traceable. Sounds like some bs "IoT" / telemetry shit manufactures are shoving down our throats for over a decade.
The other side is feigning shock at common industry practices (don't all Tesla's require a net connection for example), to paint it as some unique issue, and kill their sales. In other words , just another episode in the trade war.
Not unlike the DJI drones, which added all kinds of shit because the regulators demanded it, and then they act surprised that it has that shit...
Whats sad is Norway sits right next to the country which manufactures Scania and Volvo Busses, but instead buys busses from thousands of km away. I suppose cost is all that maters these days, even for national infrastructure which must remain in control and secure.
Ah, and they never review iPhones/Android phones after Israeli companies demonstrated they can backdoor any cellphone on this planet, and especially after they demonstrated they can explode consumer devices and maim 3000+ people overnight.
They don’t review Windows machines either after the Snowden revelations.
How many wars did the Chinese start in the past century?
It's common knowdledge that Tesla makes OTA updates all the time. Same security problem. And eCall obviously needs a SIM card in the car and it's not yours.
The remote kill switch became prominent in the Ukrainian war when Russian troops stole John Deere farm vehicles to find them been remotly disabled later on.
lets see, a modern bus has, woooooo, conectivity, woooooo, on basicly everything, woooooo, so some manager can obsess over oil filters or the voltage on the lighting circuit, and the sixteen antenas advertised in the broshure were,in fact installed
realy, wtf?, it's not like anybody is unaware that something like 10 billion things are conected to the net, and dozens, ? hundreds, of actors are doing there best to slurp up every last scrap of data, ha!, that they can
the worst part is that it would be no surprise to find out that the bus comes with
a monitering contract that is in effect.
next it will be cranes all sensored up to detect cable stretch or who know what
and didn't china just go ahead and hack the pentagon, but wooooo, Norwiegen bus hacking
wooooo
This is exactly why BYD is and should continue to be banned in the US. It’s not that they are doing this, but that they have done it and they have the capability
Hospitals all of the world are wholesale switching to chinese equipment - particularly mindray monitors/anaesthetic machines. China could brick all of these hospitals. We are so incredibly dependent on them.
It should be required that all software running on vehicles should have its source code submitted to the regulators along with the tooling to create reproducible builds, with the expectation that the regulators can audit it for back doors. This should apply to cars, buses trains and planes.
It's a bit of a non-issue if you ask me. This remote-access feature sounds like what we usually call a software update feature if it came from a country we weren't scared of.
China disabling our buses? Really? That would be insanely petty and useless.
I think maybe we're straining at gnats and swallowing camels, considering virtually all our phones, computers, TVs etc. come with auto update features, usually giving someone in the US the theoretical capability to brick it. And considering what was done to Karim Khan, I'd say they're far more likely to actually use it.
36 comments
[ 0.21 ms ] story [ 53.3 ms ] threadBYD electric busses have recently rolled out where I live in Sweden.
Danish authorities in rush to close security loophole in Chinese electric buses
https://www.theguardian.com/world/2025/nov/05/danish-authori...
Also, why would they purchase busses that they thought couldn't be remotely monitored or controlled?! That seems like a very valuable feature for public transport.
It fell down to an anti-monopoly decision by a single person in the EU ministry, who killed the proposal. Several attempts were made to streamline the merger, but she wouldn't budge.
As a result, CRCC continues to win contracts abroad, largely (it is believed) by undercutting competition. IP theft is known to be one objective of their at-loss or low-profit contracts (I've been involved in fighting that, specifically).
It's hardly a stretch to imagine that having control of the rail in countries that might oppose you militarily is strategically huge.
This article is about busways, but the parallels are obvious.
If a state wants to hide strategic "war/espionage" control, they don't use eSims and open mobile communications, trivially discoverable and traceable. Sounds like some bs "IoT" / telemetry shit manufactures are shoving down our throats for over a decade.
The other side is feigning shock at common industry practices (don't all Tesla's require a net connection for example), to paint it as some unique issue, and kill their sales. In other words , just another episode in the trade war.
Not unlike the DJI drones, which added all kinds of shit because the regulators demanded it, and then they act surprised that it has that shit...
https://uavcoach.com/dji-ban/#7
They don’t review Windows machines either after the Snowden revelations.
How many wars did the Chinese start in the past century?
(Teasers ... aren't especially conducive to "intellectual curiosity and thoughtful conversation": <https://news.ycombinator.com/item?id=13108404> <https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...>.)
next it will be cranes all sensored up to detect cable stretch or who know what
and didn't china just go ahead and hack the pentagon, but wooooo, Norwiegen bus hacking wooooo
China disabling our buses? Really? That would be insanely petty and useless. I think maybe we're straining at gnats and swallowing camels, considering virtually all our phones, computers, TVs etc. come with auto update features, usually giving someone in the US the theoretical capability to brick it. And considering what was done to Karim Khan, I'd say they're far more likely to actually use it.