Overview
- The Department for Transport said it is working with the National Cyber Security Centre to assess whether Yutong’s update and diagnostics access could disable buses.
- Norway’s operator Ruter reported tests showing direct digital access on Yutong models and said the buses could in theory be stopped, after SIM cards were found enabling connectivity.
- Denmark’s Movia began an urgent review and said the potential to remotely deactivate connected vehicles is a broader issue for modern EVs; officials weighed removing SIMs but noted it would break other systems.
- Yutong said EU vehicle data is stored in an encrypted, access-controlled AWS Frankfurt center and that no one can access or operate systems without customer authorization, adding its European buses do not support remote control of acceleration, steering or braking.
- UK exposure remains unclear, with The Times citing roughly 700 Yutongs versus the Mail’s claim of more than 2,500, while Transport for London said none are in service and experts note no confirmed remote deactivation incidents.