Authorities in Denmark are urgently studying how to close an apparent security loophole in hundreds of Chinese-made electric buses that enables them to be remotely deactivated.
The investigation comes after transport authorities in Norway, where the Yutong buses are also in service, found that the Chinese supplier had remote access for software updates and diagnostics to the vehicles’ control systems – which could be exploited to affect buses while in transit.
Their investigations found that remote deactivation could be prevented by removing the buses’ sim cards, but they decided against this because it would also disconnect the bus from other systems.



There’s no good reason for any of that to be updated while the bus is on the road. It should be done at a service location.
Also no good reason for it to be connected to the CAN bus or have any control or even monitoring of vehicle systems.
A GPS tracker needs access to power, that’s it.
Yes, an over-the-air update without being in maintenance mode should not happen in any vehicle. In fact, I think there should be a hardware switch to prevent this.
The simplest solution is to just restrict software updates to direct physical access, and put the USB port or whatever behind a locked service panel.
If the software can’t be infiltrated remotely, then there won’t be any security issues that are so urgent they need to be patched in the middle of a shift, they can wait for a maintenance stop.
The good reason is that this way, they can click a button and push the update to hundreds of buses at once, instead of having to have them all come in one by one. That’s a huge number of man-hours.
Some of these people never had to manage a fleet of computers.
A vehicle shouldn’t be part of a ‘fleet of computers’ period.
I have experience managing multiple network systems with user-facing endpoints. That’s irrelevant.
Nothing critical on a passenger-carrying vehicle should be remotely managed and it definitely should be frozen while the bus is in active service. The last thing a crowded bus in motion needs is the lights randomly going out because someone decided it was time for a patch install.
The right choice from a security and safety perspective is for any wireless interfaces on the vehicle to be read-only - they can send data out (like current location). Pushing software changes should require direct physical access, and should only work if the vehicle is parked. Anything else is a stupid unnecessary risk.
Won’t somebody think of the savings?
Key Points
Jeep Wrangler 4xe models crippled by faulty UConnect over-the-air software update.
Issues caused vehicles to lose power leaving owners stranded.
Incident exposes risks and inadequate testing in modern software-defined vehicles.
https://www.autoblog.com/news/jeeps-latest-software-update-can-disable-your-suv