Overview
- Ruter’s covert summer test in a decommissioned mine compared a Yutong bus with a Dutch VDL model, and only the Yutong vehicle showed remote-access vulnerabilities.
- According to Ruter, connectivity via an onboard box with an eSIM registered in Romania enables remote diagnostics, door control and the capability to disable buses.
- Yutong disputes key claims, stating steering and brakes cannot be controlled remotely and saying operational data are stored on a server in Frankfurt under EU privacy rules.
- Immediate mitigations include delaying over-the-air updates for pre‑installation review, keeping bus cameras off the internet, allowing SIM removal and notifying the transport ministry.
- About 850 Yutong buses operate in Norway out of more than 1,350 Chinese-built e‑buses nationwide, and a related software-update platform cited in the findings has had reported flaws patched.