Electric buses from the Chinese company Yutong could be remotely disabled via remote control capabilities found in the bus software, diagnostics module, and battery and power control systems.
Killswitches may be common, but it has major security implications if infrastructure is sold with them without the buyer knowing about them, which appears to be the case here.
It also makes a case to not buy hardware from China if their manufacturers install these killswitches and don’t notify their owners.
Similar backdoor control capabilities, usually at least officially frowned upon in Western tech companies, weren’t found in buses bought from Dutch company VDL.
There’s a difference between consensual OTA updates (meaning the bus company would manually need to confirm the update) and non-consensual OTA updates (meaning it is done regardless of the bus company’s wishes).
The Chinese buses are capable of the latter, which is a gigantic security vulnerability. You do not want any operating system anywhere to update itself without consent.
There’s no kill switch; the bus uses OTA updates, like 95% of new buses, and soon 100%, that could conceivably be used as a kill switch.
The article lies by omission.
One form of lying by omission is not to discuss whether this is unique or unusual to Chinese vehicles.
Looks like that was discussed in the article.
No, I think floofloof meant that the article doesn’t point out that Tesla and John Deere products have that same feature.
Common John Deere L
I looked up the top 5 bus manufacturers in Europe, accounting for a combined 80-90% of new buses.
All of them use OTA updates.
The author picks a very unusual bus without telling the reader, to make the reader believe this is a Chinese problem and not standard practice in 2025.
There’s a difference between consensual OTA updates (meaning the bus company would manually need to confirm the update) and non-consensual OTA updates (meaning it is done regardless of the bus company’s wishes).
The Chinese buses are capable of the latter, which is a gigantic security vulnerability. You do not want any operating system anywhere to update itself without consent.
Does Iveco (41%) or any other manufacturer with a meaningful market share do that?
You cannot know that, and it’s a big problem.
Anyone who installs kill switches in shit they sell should be legal to kill.
Yeah, imagine if a significant portion of crucial infrastructure was owned by a foreign party, eh