A vulnerability has been discovered in Chinese electric buses circulating in Oslo, which may come under the control of their manufacturer or third parties, the Norwegian capital’s public transport operator announced on Tuesday. The operator Ruter has discreetly tested two electric buses this summer, one built by the Chinese company Yutong and the other by the Dutch company VDL, in an isolated place inside a mountain, to measure their electromagnetic waves.
“What we found is that everything that is connected, including buses, presents a risk,” Ruter director Bernt Reitan Jenssen told Norwegian broadcaster NRK.
This vulnerability is related to a box containing a SIM card that allows the manufacturer of the Chinese model to remotely install software updates but also, according to experts, deactivate the bus, the Aftenposten newspaper detailed. This functionality and therefore this vulnerability does not exist in the Dutch model, according to these same experts.
The cameras installed on the two buses, Chinese and Dutch, are not connected to the Internet and do not transmit data, Ruter said in a press release. Asked by AFP, Yutong did not immediately react.
300 electric buses in Oslo
Ruter says he informed Norwegian authorities of his findings and announced measures such as the development of a digital firewall to protect against remote control of a bus. “We want to thoroughly assess the risks associated, in particular, with the transport of buses from countries with which we do not cooperate on security,” responded Norwegian Transport Minister Jon-Ivar Nygård. “This work is ongoing,” he told NRK.
Ruter operates about 300 Chinese electric buses in and around Oslo.
Source: BFM TV
