c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Killswitches may be common, but it is major security implications if infrastructure is sold with them without the buyer knowing about them, which appears to the case here.
It also makes a case to not buy hardware from China if their manufacturers install these killswitches and don't notify their owners.
There's no kill switch, the bus uses OTA updates like 95% of new buses, and soon 100% that could conceivably be used as a kill switch.
The article lies by omission.
One form of lying by omission is not to discuss whether this is unique or unusual to Chinese vehicles.
Similar backdoor control capabilities, usually at least officially frowned upon in Western tech companies, weren’t found in buses bought from Dutch company VDL.
Looks like that was discussed in the article.
No I think floofloof meant that the article doesn't point out that Tesla and John Deere products have that same feature.
Common John Deere L
It specifically mentions Tesla and John Deere in the article.
I looked up the top 5 bus manufacturers in Europe, accounting for a combined 80-90% of new buses.
All of them use OTA updates.
The author picks a very unusual bus without telling the reader to make the reader believe this is a chinese problem and not standard practice in 2025.
There's a difference between consensual OTA updates (meaning the bus company would manually need to confirm the update) and non-consensual OTA updates (meaning it is done regardless of the bus company's wishes).
The Chinese buses are capable of the latter which is a gigantic security vulnerability. You do not want any operating system anywhere to update itself without consent.
Does Iveco(41%) or any other manufacturer with a meaningful market share do that?
The language used here suggests to me that the user initiates the update, but that's as far as I can guess.
Operators of the chinese bus can pull the SIM card and reinsert it as desired as mentioned in the article, I'm not sure there is a meaningful difference if that is how the Iveco works.
You obviously didn't read the article because the author talks about non-Chinese products as well. They specifically describe a possible future where Trump disables all Danish iPhones. It has nothing to do with China and everything to do with the problem of "smart" devices and how little control we have over our own possessions.
Vi skal vænne os til, at hvis du køber en amerikansk Tesla eller kinesisk BYD, kan den – i hvert fald i teorien – i morgen godt være en ubrugelig klods på omkring et ton bilskrald, der bare holder ude i din indkørsel. Det samme, hvis du køber iPhone eller en mobiltelefon fra Huawei eller for den sags skyld en europæisk telefon.
Translating very loosely because I don't actually speak Danish:
If you buy an American Tesla or Chinese BYD it can in theory be bricked tomorrow. Same if you buy an iPhone, Hwawei, or even a European phone.
Other countries, brands, and varieties of products are also discussed throughout the article.
There's no kill switch
You cannot know that, and it's a big problem.
How is it lying by omission why it describes exactly what you said?
Anyone who installs kill switches in shit they sell should be legal to kill.
Yeah, imagine if a signiticant portion of crucial infrastructure was owned by a foreign party eh
Just like Teslas.
Their real kill switch are in the door handles!
And John Deere.
Well yeah? I just assume that anything with remote access not directly from my country can be disabled and render useless at anytimes even more when it’s come from a dictatorial empire
Why put the caveat that it's not from your country? If it has remote access, it can be remotely disabled. Maybe it's from a designed feature, or maybe it gets hacked.
People were reporting on cars being remotely accessed and disabled over 10 years ago. If it has any communication with outside systems, it is susceptible to malevolent actors.
Also cars have notoriously bad security. I doubt buses are better.
Xenophobia.
It 100% can even if from my country but if done legally i have at least some kind of recourse
Nothing i can do if china choose to disable stuff because they don’t like where i live anymore
What is the actual likelihood of the following:
IMO, that list goes from least likely to most likely, and this story is likely just FUD to reward some local manufacturer or other interest.
Slightly less worrisome than your F35 or what-have-you but yes, it's an annoying trend overall.
A military alliance ally vs. a foreign rival that is friends with your enemy. The US has been flaky lately but still
The US is no one's ally, except the ultra rich.
They're both NATO members
The US leadership has threatened to invade not one but two NATO countries in the last 9 months.
ROFL
I'm not sure you understand what military alliance means... Turkey and Greece are allies formally even though they hate each other with passion.
Same as it ever was, NGL...
FYI, "to escape religious persecution" was the frilly new dress on the poxy cash whore they all rode in on, and the punters applauded the parade.
Now picture a country getting into a conflict with China, and having them turn of the whole fleet; and given China's historical behaviour, this is not beyond them. If there is any significant percentage of Chinese vehicles, you just gridlocked the country.