Fears over dependency on Chinese technology have reached an unlikely corner of the West: the previously serene and efficient world of Scandinavian public transportation.
European nations have become increasingly worried that their vast amounts of Chinese-built infrastructure could be weaponized — tampered with, immobilized or even commandeered — if tensions were to rise with Beijing.
Now, bus providers in Denmark and Norway say they are urgently investigating and remedying what they say is a security loophole discovered in their fleets of vehicles made by Yutong, a company based in Zhengzhou, China, that is the world’s largest manufacturer of buses by sales volume.
Because these buses can receive updates and diagnostic tests “over the air,” they can be “stopped remotely, either by the manufacturer or by a hacker,” Jeppe Gaard, chief operating officer of the Danish public transport provider Movia, told NBC News in an email Wednesday.
“Electric buses, like electric cars, in principle can be remotely deactivated if their software systems have online access,” he said. This isn’t just a “Chinese bus concern; it is a challenge for all types of vehicles and devices with these kinds of electronics built in,” Gaard added.
In Denmark, Movia’s fleet includes 262 Yutong buses, which have been phased in since 2019 across a network that covers the capital, Copenhagen, and the east of the country, Movia said.
The alarm was first raised earlier this month by the Norwegian bus operator Ruter, which runs half of the country’s public transport, including in Oslo, the capital.
Ruter performed underground tests “inside a mountain” on two buses: the Yutong model and one from the Dutch manufacturer VDL.
While the Dutch buses “do not have the capability for autonomous software updates over the air,” Yutong “has direct digital access to each individual bus for software updates and diagnostics,” it said.
In theory, “this bus can be stopped or rendered inoperable by the manufacturer,” it said, although Yutong wouldn’t be able to remotely drive these vehicles.
Asked for comment on the Danish and Norwegian moves, Yutong sent an emailed statement saying that it “understands and highly values the public’s concerns regarding vehicle safety and data privacy protection,” and “strictly complies with the applicable laws, regulations, and industry standards.”
It said its vehicle data in the European Union is stored in an Amazon Web Services data center in Frankfurt, Germany, where it is “protected by storage encryption and access control measures,” and that “without customer authorization, no one is allowed to access or operate the system.”
China’s Ministry of Commerce did not immediately respond to a request for comment.
This is just the latest episode in Europe’s complex relationship with China: deeply reliant on Beijing’s trade and increasing know-how, but critical of its alleged cyber-aggression, rampant intellectual property theft and human rights violations.
Even as hope rises for a new trade agreement between China and the E.U., there are grave concerns over plans for a new mega-embassy in London and a lingering scandal over the collapse of an alleged spying case at the heart of Westminster.
Meanwhile, the Dutch government has seized control of the Chinese chipmaker Nexperia, in a saga that has raised fears that car production could come to a halt on the Continent.
Even more so than the United States, European nations have relied on China for critical infrastructure — only to conclude that it poses a problem if and when relations go south.
A number of European governments have torn out 5G networks made by the Chinese giants Huawei and ZTE — under pressure from Washington — because of fears they could be used by Beijing to compromise Western national security.
Today’s hot-button issue is Chinese electric vehicles, which are effectively blocked from sale in the U.S. but whose market share is ballooning in Europe, doubling to 5.1% in the first half of 2025 from last year, according to the auto consultancy JATO Dynamics.
As with other Western concerns, China has roundly rejected that its EVs and other technologies present a security risk.
In January, China’s Foreign Ministry condemned American moves to block Chinese tech from the U.S. auto market, accusing it of “overstretching the concept of national security” and calling for Washington to “stop going after Chinese companies,” spokesman Guo Jiakun said at a daily news briefing.
But plenty of security and intelligence officials are concerned.
Western nations had “the whole problem with Huawei and 5G, and you’ve now got a similar problem in Chinese electric cars: that they can all be immobilized at a switch from the manufacturer,” the former head of Britain’s MI6 intelligence agency, Richard Dearlove, told NBC News in an interview earlier this year.
“So if we have a crisis with China, they can bring London to a complete halt by reprogramming” these vehicles.
In reality, this is also true of any electric vehicle — including those made by Tesla, for example — and many other items reliant on internet connectivity, said Ken Munro, founder of the British American cybersecurity consultancy Pen Test Partners.
In Norway, Ruter, the electric bus operator, said it had carried out several fixes, including stricter controls on future bus purchases, “firewalls” to protect against hackers, and “collaborating with national and local authorities on clear cybersecurity requirements.”
Are experts convinced this will work?
“Not really,” Munro said.
“Any degree of connectivity and the ability to update software, which we all want as consumers,” he said, “has to be enabled.” Munro added: “The only way to do this, to my mind, would be for the operator to remove all connectivity from that vehicle.”
Munro questioned whether China would actually want to exploit a potential vulnerability like the one identified in the Scandinavian buses.
“Do we believe that China would destroy its entire export industry for vehicles, EVs or not, in order to prove a political and military point? It is within the bounds of plausibility,” but the chances are “incredibly small,” Munro said.
“It just comes down to trust,” he added.
This article was published by NBC News on 2025-11-09 06:00:00
View Original Post
