Can Chinese-Made Buses Be Hacked? Norway Drove One Down a Mine To Find Out (msn.com)
- Reference: 0180143569
- News link: https://tech.slashdot.org/story/25/11/19/186230/can-chinese-made-buses-be-hacked-norway-drove-one-down-a-mine-to-find-out
- Source link: https://www.msn.com/en-us/money/other/can-chinese-made-buses-be-hacked-norway-drove-one-down-a-mine-to-find-out/ar-AA1QKZ5m
> This summer, Oslo's public-transport authority drove a Chinese electric bus deep into a decommissioned mine inside a nearby mountain to answer a question: Could it be hacked? Isolated by rock from digital interference, cybersecurity experts [1]came back with a qualified yes : The bus could in theory be remotely disabled using the control system for the battery.
>
> The revelation, presented at a recent public-transport conference, has spurred officials in Denmark and the U.K. to start their own investigations into Chinese vehicles. It has also fed into broader security concerns across Europe about the growing prevalence of Chinese-made equipment in the region's energy and telecommunications infrastructure.
>
> The worry is the same for autos, solar panels and other connected devices: that mechanisms used for wirelessly delivering system updates could also be exploited by a hostile government or third-party hacker to compromise critical networks. [...] The Oslo transport authority, Ruter, said the bus's mobile-network connection via a Romanian SIM card gave manufacturer Yutong access to the control system for battery and power supply. Ruter said it is addressing the vulnerability by developing firewalls and delaying the signals sent to the vehicles, among other solutions.
[1] https://www.msn.com/en-us/money/other/can-chinese-made-buses-be-hacked-norway-drove-one-down-a-mine-to-find-out/ar-AA1QKZ5m
Switching off the battery... (Score:2)
...of a bus that had an accident to avoid people burning alive inside is bad now?
I'd hope that the fire department can do that with ANY vehicle.
Re: (Score:2)
But this isn't about the fire department, or the bus company, doing so. It's about the manufacturer - literally halfway around the world - doing so with zero information about the crash.
(And the fire department has their own way of cutting out the batter, that involves bolt cutters and clearly marked access points on the outside of the vehicle.)
How dense can they be? (Score:2)
They always talk about how China is a huge threat to our security but constantly import Chinese tech into our critical infrastructure. They then act surprised.
Re: (Score:2)
Yeah it's the classic not my problem syndrom.
"Look I'm amazing, I did it cheaper, where's my bonus, look at my resume as I leave to next company, look how awesome I was at previous company and saved them money....nO wAy! IT's all cheap and security risk because it's from china? I had no idea! Good thing I don't work there anymore!"
Re: (Score:2)
I will pause judgment until they conduct the same test on domestically made buses.
Re: (Score:2)
> "I will pause judgment until they conduct the same test on domestically made buses."
Most new vehicles have all kinds of spyware and remote control crap (mine certainly does). But, presumably, domestic ones are nowhere near as much of a threat than a foreign, potentially hostile nation-state.
Re: (Score:2)
Sweden (and most of Europe) has more trust in their own government than those of us in the US. And certainly more trust in their own government than in any other government. And quite possibly more trust in a rabid dog playing fetch with a hand grenade with the pin pulled than in the Chinese government.
Possibly a worse problem? (Score:2)
> Ruter said it is addressing the vulnerability by developing firewalls and delaying the signals sent to the vehicles, among other solutions.
It wouldn't surprise me to learn that there's some programming equivalent to a dead-man switch that disables vehicles - and perhaps other electronic devices - if they haven't successfully 'phoned home' within a programmed time.
After all, if you're going to the trouble of designing and installing remote-kill capabilities - for all kinds of possible motives - it would be very short-sighted to NOT disable the equipment if it fails to contact the mothership within a specified period. The tricky part is making i
Re: (Score:2)
This is why governments need to demand the full source code for all computers in any vehicles they buy, along with a build environment that can demonstrably build a working version of the object code from source, and the ability to install the object code themselves.
Anything less is utterly unacceptable from a national security point of view.
At lot of USA auto vendors also do OTA updates (Score:2)
Eg Tesla, and I am sorry to have to say it but with the current president anything seems to go at the drop of a whim. I would not buy a car made in the USA.
Re: (Score:3)
That's one of the reasons behind many countries moving away from the F35 or other US Defense hardware. He wasn't even subtle, he literally said he'd withhold parts and other maintenance items.
Re: At lot of USA auto vendors also do OTA updates (Score:2)
There are legit reasons for sending battery data to a remote location. If a fire occurs you're going to want to know what led up to it, and information is often destroyed in the event of a fire.
Re: (Score:2)
If my car catches on fire, I could not care less about what lead up to it. I'd just go buy another car.
Re: (Score:2)
So you don't care if the next car has the same flaw, and catches fire in your garage and burns down your house in the process? Even though that flaw could have been - possibly quite easily - identified and fixed if those logs had been available?
Or that the same thing might happen to your neighbor, whose burning house might also burn yours down? While you're in it?
Or that your insurance company might double or triple your rates because your car is designed to be unsafe? If they're cover it at all?
Or that the
Re: (Score:2)
I would not buy anything other than a Toyota or a Honda.
Not due to politics or concerns about hacking, but simply because I would t want to deal with anything else.