UK Probes OTA Vehicle Cyber Risks After 2 Bus Tests Flagged Remote Control Threats
Updated
Updated · CNBC · Jul 18
UK Probes OTA Vehicle Cyber Risks After 2 Bus Tests Flagged Remote Control Threats
1 articles · Updated · CNBC · Jul 18
Summary
Britain's Department for Transport is investigating cybersecurity risks in vehicle over-the-air technology with the National Cyber Security Centre after bus testing exposed possible remote interference.
Two buses tested by Norwegian operator Ruter late last year found one vehicle could access battery and power controls via a mobile network through a Romanian SIM card, raising the possibility it could be stopped or disabled remotely.
That finding also prompted Denmark to open its own review, though analysts said the risk is not limited to one manufacturer or country even if the buses examined were made by China's Yutong.
OTA updates—popularized by Tesla in 2012 and now widespread across autos—let companies push software fixes wirelessly, cutting recall costs but expanding attack surfaces for espionage, sabotage and broader transport infrastructure risks.
As AI learns to find vehicle flaws, is our transportation network on the brink of a systemic cyberattack?
Can new US and EU laws stop foreign adversaries from turning your connected car into a weapon?
With a 2027 deadline looming, are carmakers ready for the world's strictest cybersecurity rules?
UK Investigates 1,000+ Yutong Electric Buses Amid Rising Cybersecurity Concerns and OTA Remote Access Risks
Overview
Modern electric buses now use advanced software systems that allow manufacturers to remotely access and update vehicle software through Over-The-Air (OTA) updates. This technology brings efficiency and easier diagnostics but also introduces new vulnerabilities, as direct digital access means that critical systems could potentially be controlled or disabled from afar. These risks are not limited to one brand or country, as OTA capabilities are becoming standard in new bus models worldwide. As a result, governments and operators are increasing cybersecurity measures and updating regulations to protect public transport, which is considered critical infrastructure.