“ Norway’s leading transport operator Ruter sounds the alarm due to the discovery of a serious vulnerability in the security system of electric buses of the Chinese manufacturer Yutong. An internal audit of the company confirmed that the manufacturer has the technical ability to remotely access and disable key bus systems, posing an unprecedented risk to the stability of the country’s public transport operations. Source: The Associated Press Details: The discovered vulnerability is a practical threat, confirmed during specialized tests initiated by the company Ruter. The investigation, conducted in isolated underground mines to block external signals, revealed that the Chinese manufacturer has remote access to bus systems, particularly power management. This means that buses can be stopped or disabled remotely. “The manufacturer has direct digital access to each individual bus for software updates and diagnostics. In theory, this could be used to disrupt the operation of the bus,” Ruter said. In response to the accusations, an unnamed representative of the Chinese Yutong Group said in a comment to the British publication The Guardian that the company “strictly adheres” to local laws. It claims that the data is encrypted, stored in Germany and used exclusively for maintenance. However, these assurances did not remove serious concern in Norway, since the very fact of the existence of such a “black hole” is a critical security threat. In neighboring Denmark, transport company Movia has already begun reviewing its cybersecurity and espionage risk assessment, fearing similar vulnerabilities in its fleet. Ruter immediately began implementing measures to minimize the threat. The company is urgently developing firewalls to isolate bus control systems from outside access, introducing significantly stricter cyber security requirements for future procurement and working with the government to create national security standards to prevent this from happening again in the future. The identified vulnerability demonstrated that the integration of foreign technologies into critical infrastructure without proper controls carries hidden risks of a national scale.”, — write: www.pravda.com.ua
Illustrative photo: Getty Images Source: The Associated Press
Details: The detected vulnerability is a practical threat, confirmed during specialized tests initiated by the company Ruter. The investigation, conducted in isolated underground mines to block external signals, revealed that the Chinese manufacturer has remote access to bus systems, particularly power management. This means that buses can be stopped or disabled remotely.
Advertising:
“The manufacturer has direct digital access to each individual bus for software updates and diagnostics. In theory, this could be used to disrupt the operation of the bus,” Ruter said.
In response to the accusations, an unnamed representative of the Chinese Yutong Group said in a comment to the British publication The Guardian that the company “strictly adheres” to local laws. It claims the data is encrypted, stored in Germany and used solely for maintenance. However, these assurances did not remove serious concern in Norway, since the very fact of the existence of such a “black hole” is a critical security threat.
In neighboring Denmark, transport company Movia has already begun reviewing its cybersecurity and espionage risk assessment, fearing similar vulnerabilities in its fleet.
Ruter immediately began implementing measures to minimize the threat. The company is urgently developing firewalls to isolate bus control systems from outside access, introducing significantly stricter cyber security requirements for future procurement and working with the government to create national security standards to prevent this from happening again in the future. The identified vulnerability demonstrated that the integration of foreign technologies into critical infrastructure without proper controls carries hidden risks of a national scale.