Electric buses from the Chinese company Yutong could be remotely disabled via remote control capabilities found in the bus software, diagnostics module, and battery and power control systems.
There’s a difference between consensual OTA updates (meaning the bus company would manually need to confirm the update) and non-consensual OTA updates (meaning it is done regardless of the bus company’s wishes).
The Chinese buses are capable of the latter which is a gigantic security vulnerability. You do not want any operating system anywhere to update itself without consent.
I looked up the top 5 bus manufacturers in Europe, accounting for a combined 80-90% of new buses.
All of them use OTA updates.
The author picks a very unusual bus without telling the reader to make the reader believe this is a chinese problem and not standard practice in 2025.
There’s a difference between consensual OTA updates (meaning the bus company would manually need to confirm the update) and non-consensual OTA updates (meaning it is done regardless of the bus company’s wishes).
The Chinese buses are capable of the latter which is a gigantic security vulnerability. You do not want any operating system anywhere to update itself without consent.
Does Iveco(41%) or any other manufacturer with a meaningful market share do that?