- cross-posted to:
- world@lemmy.world
- cross-posted to:
- world@lemmy.world
Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated.
The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit
I wonder how this procurement was done, and who was responsible. Obviously, they never really checked the buses for security issues, or they where wrongly informed. How much will this investigation and updates cost, and would with hindsight, a different choice have been better and cheaper? If so, someone in procurement has been swayed, bought-off or was very misguided.
Online updates and remote diagnostics are usually an advertised feature and might even have been a selling argument as it appears to save costs in maintenance… until the Polish vendor turns off their trains because the operator dared to try to repair them themselves (yes that is not a “Chinese” problem).
about the polish case.
“Digging into the code revealed a software trap that would disable trains if they were anywhere near a repair facility that wasn’t run by the manufacturer, Newag. But Newag used a pretty inaccurate way to determine when the trains were in a rival repair shop, which led to some unexpected consequences.”
I don’t think this is what the problem with the buses are about. Ofcourse, on the fly update and remote features are probably more advanced. But if a third party (country) has 100% control, that means you don’t have any.