Tag Archives: Public transport

News

Big Brother on the Bus: When Public Transport Gets Hacked

Imagine this: you’re stood at a Danish bus stop, drizzle in your hair, checking your watch, and muttering about the 5A being late again. Except this time, it’s not because the driver’s on a coffee break — it’s because someone, somewhere, might have literally pressed “off” on the bus. From another country.

Welcome to the age of connected chaos, where your local transport authority is just one dodgy Wi-Fi connection away from a total meltdown.

The Bus That Can Be Turned Off Like a Smart Toaster

Denmark’s public transport company, Movia, has discovered that its shiny fleet of Chinese-made Yutong electric buses comes with an unexpected feature: a potential remote kill switch.

To be clear — no one’s actually flicked it. Yet. But the fact that it could be flicked is enough to make Danish officials twitchier than a Tesla on a frozen roundabout.

The whole thing came to light after Norway’s biggest transport operator, Ruter, found that its own Yutong buses contained Romanian SIM cards — the sort that let engineers in another time zone remotely push software updates or troubleshoot glitches.

Handy, right? Until you realize that the same pipeline that lets someone fix a headlight bug could, in theory, let them lock the doors and shut everyone inside. Or worse, turn off an entire city’s transport network with a few keyboard clicks.

Who’s Actually Driving This Thing?

Movia runs 469 Chinese-built electric buses, and 262 of them are Yutongs. That’s a lot of rolling data centers humming quietly around Copenhagen.

Yutong, to its credit, insists everything’s above board. The company says all EU data is tucked safely away in an AWS datacentre in Frankfurt, wrapped in encryption and governed by the usual GDPR alphabet soup of compliance.

“No one,” Yutong says, “is allowed to view or access this data without authorization.”
Which, translated from corporate to human, means: you just have to trust us.

Security in the Slow Lane

But this isn’t just about Denmark, or even China. This is the future we’ve driven ourselves into — a world where cars, buses, and even tyres are now internet-connected devices with their own potential security holes.

Yes, even Pirelli’s Cyber Tyres, the ones that talk to your car’s brain to tell it how much grip you’ve got left, are under scrutiny because of their Chinese-linked ownership.

And over in the US, the Department of Commerce has already banned connected hardware from both Russia and China, citing security risks.

The Price of Progress

On one hand, connected vehicles are brilliant. Over-the-air updates mean your car can fix itself overnight. Engineers can diagnose problems from anywhere. Public transport can run more efficiently.

On the other hand, you’re now relying on invisible data streams — and whoever has the password — to keep your journey rolling.

As Denmark has discovered, in the age of electric, digital, networked everything, the new fuel isn’t electricity or hydrogen. It’s trust.

And if that runs out? Well… better start walking.

Source: Movia

News

When the Bus Company Can Pull the Plug: Norway’s Electric Fleet Faces a Digital Reality Check

In the world of electrified public transport, connectivity is king. But as Norway is discovering, the same technology that makes buses smarter, cleaner, and easier to manage can also open the door to a new kind of vulnerability — one that reaches far beyond charging ports and route maps.

Ruter, the largest public transport operator in Norway, recently ran a quiet but revealing test inside a sealed facility. The goal? To probe the cybersecurity of its electric buses. What it found has sparked a nationwide conversation about who really holds the keys — not just to the ignition, but to the entire system.

The Unexpected Passenger: Hidden SIM Cards

Among the buses tested was one built by Yutong, China’s largest bus manufacturer and a major supplier to Norway’s rapidly electrifying fleet. Inside its systems, engineers discovered Romanian SIM cards — components Yutong says are used for remote diagnostics and over-the-air software updates.

Nothing inherently sinister there — Tesla, Volvo, and Mercedes all use similar connectivity tools. But Ruter’s test raised an eyebrow for one crucial reason: those SIM cards give Yutong, at least in theory, the power to remotely access or even disable the buses from thousands of miles away.

So far, Ruter has found no evidence of tampering or misuse. Still, the discovery has rattled nerves in a country where electric buses — roughly 1,300 nationwide, with some 850 built by Yutong — are a cornerstone of the public transit revolution. In Oslo and Akershus alone, around 300 of them carry passengers daily.

From Curiosity to Cybersecurity

We are moving from concern to concrete knowledge,” said Ruter CEO Bernt Reitan Jenssen, describing the shift from speculation to action. The agency has since tightened its cybersecurity protocols, isolating buses from cloud-based systems and removing the SIM cards entirely to ensure full local control.

This isn’t paranoia — it’s prudence. Jenssen made it clear that while the likelihood of an intentional shutdown is low, “that doesn’t mean we shouldn’t take it very seriously.”

Norway’s Minister of Transport, Jon-Ivar Nygård, echoed that sentiment, praising Ruter’s initiative and confirming that the government is now reviewing exposure to suppliers from outside Norway’s security alliances. “Together with players like Ruter, we will ensure that this sector is less exposed to risk,” he told the national broadcaster NRK.

Connected, but at What Cost?

Modern vehicles — whether public buses or personal EVs — are increasingly defined by their software as much as their mechanical parts. Connectivity enables real-time diagnostics, fleet management, and performance updates. But it also creates potential backdoors that can be exploited or misused, intentionally or not.

In this case, Ruter’s test didn’t uncover a smoking gun — only the realization that such a gun exists, and someone else theoretically holds the trigger. It’s a reminder that in the era of connected mobility, “security” doesn’t stop at airbags and ABS. It extends deep into code, networks, and cloud servers halfway across the world.

The Road Ahead

For now, Ruter’s decision to strip the buses of their SIM cards and operate offline is a decisive move toward local control — a kind of digital unplugging in an otherwise hyperconnected age.

But as the transport sector continues to lean on foreign-made electric vehicles, Norway’s test underscores a growing truth across the automotive world: the future of mobility isn’t just electric — it’s geopolitical.

Source: Ruter