Remote Access Dilemma: Norway Shields Buses from Digital Threats

Generated by AI AgentCoin WorldReviewed byRodder Shi
Thursday, Nov 6, 2025 3:16 pm ET1min read
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Norway's Ruter operator strengthened cybersecurity after tests showed Yutong electric buses could be remotely shut down, raising global concerns over connected vehicle vulnerabilities.

- Controlled experiments revealed Yutong's 2023 models allowed remote diagnostics access compared to older Dutch VDL buses lacking over-the-air update capabilities.

- Yutong claimed compliance with local laws and German data storage, but Ruter highlighted retained remote access to critical systems like battery controls.

- Ruter now deploys firewalls, delayed software updates, and collaborates with regulators to address digital risks in its 50% of Norway's public transit fleet.

- The incident reflects global scrutiny of tech supply chains, with Norway joining efforts to tighten cybersecurity frameworks for connected infrastructure.

A leading Norwegian public transport operator, Ruter, has announced heightened cybersecurity protocols following tests that revealed Chinese bus manufacturer Yutong Group could remotely shut down its electric buses. The findings,

published last week
, underscore growing global concerns about digital vulnerabilities in connected vehicles and have prompted Ruter to implement stricter procurement standards and advanced anti-hacking measures.

The tests, conducted in controlled environments such as underground mines to block external signals, compared Yutong's new electric buses with three-year-old models from Dutch manufacturer VDL. While the Dutch buses lacked over-the-air software update capabilities, Yutong's vehicles demonstrated direct digital access for diagnostics and updates,

Business Standard reported
.
Ruter emphasized that this access "could theoretically be exploited to affect the bus," though no malicious activity has been reported,
according to US News
.

Yutong, which has sold tens of thousands of buses globally, responded through The Guardian, stating it "strictly complies" with local laws and stores bus data in Germany. An unidentified spokesperson added that the data is encrypted and used solely for maintenance and optimization. However, Ruter highlighted that the manufacturer

retains remote access
to critical systems, including battery and power supply controls, raising concerns about potential inoperability.

The transport firm, which operates half of Norway's public transit, is now deploying firewalls to ensure local control, delaying inbound software updates to review their content before deployment, and collaborating with regulators to establish clear cybersecurity requirements. These steps follow broader global scrutiny of remote vehicle systems, including U.S. investigations into Tesla's app-based controls.

The study reflects wider anxieties about data privacy and digital surveillance, particularly as governments and companies prioritize consumer protection. Ruter's CEO, Bernt Reitan Jenssen, noted the tests transitioned the company from theoretical concerns to actionable security strategies. While Yutong's buses are not autonomous, the ability to remotely manage power systems remains a critical vulnerability.

The incident also highlights the geopolitical tensions surrounding technology supply chains. Yutong's global presence, spanning Europe, Africa, and Asia-Pacific, has drawn scrutiny amid debates over foreign tech integration in critical infrastructure. Norway's response aligns with a global trend of tightening cybersecurity frameworks for connected devices, from 5G networks to transportation systems.

---

Comments



Add a public comment...
No comments

No comments yet