Overview
- A confidential Ruter test found about 850 Yutong buses in Norway reachable via a SIM‑equipped box that enables full diagnostics, battery management access and door controls, with the buses theoretically stoppable.
- The trials were run in an isolated, decommissioned mine and a comparable VDL bus showed no cybersecurity risks in the same evaluation.
- Ruter notified Norway’s transport ministry and is applying mitigations including delaying and inspecting remote updates, offering SIM removal to block links, and planning local firewalls and stricter procurement rules.
- Security flaws in a Chinese software‑update platform used by Yutong were disclosed to the provider and have been fixed, according to the reports.
- Yutong disputes any remote control of steering or brakes, says remote features cover climate or lighting only, and states data are stored in Frankfurt under Norwegian and EU laws, as Denmark and Austria debate the findings and Sweden’s earlier removal of Chinese e‑buses is noted.