Sensitive content Kliknij aby otworzyć/zamknąć

US made John Deere tractors also have a kill switch and it has been used to disable some of them (in this case tractors stolen by Russian troops) remotely:

orchardandvine.net/news/john-d…

edition.cnn.com/2022/05/01/eur…

(EDIT: this was also mentioned briefly in the Danish article linked above)

John Deere ‘Kill Switch’ Renders Stolen Tractors Useless

John Deere has struck a blow against the Russian Army, in its war of aggression in Ukraine.

^{orchardandvine.net}

To be honest: I'd love a broad scale analysis of this. Few days ago it as a vacuum cleaner, now buses...

Test this in all things. From mobile phones to cars (don't care if Chinese, US or German), smart beds (well... actually leave these ones out. Who buys a bed that needs internet?!), switches, routers, water pumps, ....

I bet they'll find stuff in too many places.

Not just China doing this. I remember arstechnica.com/tech-policy/20…

It is generally not a good idea to give others control over apparatuses that you own.

Trains were designed to break down after third-party repairs, hackers find

The train manufacturer accused the hackers of slander.

^{Ashley Belanger (Ars Technica)}

Here's another article about this in German:

derstandard.at/story/300000029…

Chinesische Busse in Oslo könnten von China aus gesteuert werden – sie fahren auch in Amstetten

Die Verkehrsbetriebe der norwegischen Hauptstadt testeten im Sommer neu angekaufte Fahrzeuge. Auch in Dänemark und in Niederösterreich fahren die Busse

^{DER STANDARD}

The existence of a kill switch is one thing, but what's more fundamental here in the case of a bus is why on earth it has to be connected to the public internet in the first place?

It just doesn't make sense.

Peraphs not..

@randahl

We must ask ourself where this suspious comes from? I've get you a clue in the interview linked below.

Reminds me of Polish train manufacturer bricking their trains located close to independent repair shops.

So far, the only people suffering for this decision are the people that helped unbrick the trains in question.

hackaday.com/2023/12/14/polish…

This is not a China phenomenon but a greed one. Not to say that Chinese government doesn’t enjoy the results, just that I doubt they had to actively instruct anyone to include these kill switches.

Polish Train Manufacturer Threatens Hackers Who Unbricked Their Trains

A week ago we covered the story of a Polish train manufacturer who was caught using software to brick their products after they had been repaired by in independent railway workshop. Now 404 Media h…

^Hackaday

Tl;Dr

Chinese electric buses have independent outgoing Comms that are used for navigation and OTA updates.

These updates could be designed to disable the vehicle (or they could do it by accident).

As others have noted, pretty much all electronic devices (from doorbell cams and printers to trains and combat aircraft) from all manufacturers (western and Chinese) have this issue.

Good to check and worthwhile developing processes to firewall, monitor and control this access.

European option:

"The extensive network of IVECO BUS and IVECO service points guarantees support wherever a vehicle is operating worldwide. The manufacturer employs more than 5,000 people and has five factories, located in Annonay and Rorthais in France, in Vysoké Myto in the Czech Republic, and in Brescia and Foggia, in Italy."
ivecobus.com/france/La-Marque

Sad story, Alstom Aptis was manufacturing good electrical buses in Alsace, France, but due to low demand, they cease activities in 2021.
European Union countries should give priority to EU products so that OUR companies don't close and to prevent sad surprises.

fr.wikipedia.org/wiki/Alstom_A…

Alstom Aptis — Wikipédia

^{Contributeurs aux projets Wikimedia (Fondation Wikimedia, Inc.)}

Kill switches are fantastic folks. The question is only about who controls the switch.

-- When the owner of the asset can control the kill, it is a boon for privacy, anti theft, and pro security.

-- When an adversary controls it, it is coercive, malicious, dangerous and predatory.

A Norwegian bus company wants to know if their buses could be abused by China in the case of war.
in the mine, investigators discover a Chinese kill switch which could destroy all Chinese buses.

BOLLOX

Thank you for replicating the ridiculous accusations. A sim card and update box was found.
That system is used in thousands of buses, trains, cars, tesla for example can be switched off from usa as can john deer tractors.

Isn't this a well known practice? Isn't Tesla doing the same with OTA sw updates, performance monitoring et.c. of the vehicles they manufacture?

But, I guess, we are all conditioned to see #US #technofascism as more acceptable, for some reason.

The most thought-provoking thing about this article is that it highlights the absolutely wild level of sinophobia in scandinavia.

My wife's Volvo has remote firmware update functionality, is that a Swedish killswitch? Every one of the tens of thousands of Teslas in Denmark has remote update functionality, is that an American killswitch? Modern BMWs have remote update functionality, are those German killswitches?

I personally hate the techbroization of modern cars, and I believe that every one of these features should be regulated out of existence, but

it's amazing how this kind of stuff is accepted and normal in every part of our lives until a company based in China does it, and suddenly it's "😱 THE CHINESE GOVERNMENT HAS KILLSWITCHES IN OUR BUSSES 😱"

🙄

well, translation does not sound that scary and specific:

> " The Chinese electric bus contains a computer that, among other things, controls the bus's battery and engine, so the bus can most efficiently drive around Oslo. And this computer is – via a small sim card – on the Internet, so it can send information and sometimes retrieve an update back. For yes, a bus can be updated in exactly the same way as your phone."

TL;DR: remote tracking and updates which can be used maliciously

Sorry, unless we suddenly start to take non-elective OTA updates without safeguards such as independently reviewed, reproducible source code builds as the theoretical but very possible general threat that they are, I fail to see how this is special. Even more so because @briankrebs boosted it.

Vendor-forced OTA updates are an accepted practice. Attack the practice, not the practitioner.

To be fair: All Tesla's, and probably many other EV's on the market today have this same functionality.

It's not a "kill switch" directly, it's that the busses support OTA with full admin-rights directly from the manufacturer without user envolvement that could theoretically be used as a kill switch.

Now, if you read further on the "Lion Cage" project, that is scary shit.

Version of the story from The Guardian.

Danish authorities in rush to close security loophole in Chinese electric buses theguardian.com/world/2025/nov…

Danish authorities in rush to close security loophole in Chinese electric buses

Investigation launched after discovery that Chinese supplier had remote access to vehicles’ control systems

^{Miranda Bryant (The Guardian)}

@paco just copy the text and paste it into translate.google.com.

@shelldozer @65dBnoise

huawei suspected of kill switch in routers
dji drones suspected of kill switch
e-cars suspected of kill switch
vacuums suspected of mapping

WHEN DO NATIONS START DEMANDING OS SOVEREIGNTY?

(not expensive or complicated: it's called open source software and linux)

PS: the expensive and complicated part?
EDUCATING VOTERS TO VOTE FOR IT

do busses really need to be connected to the internet?

however attractive that seems, the possibility (actuality, in this case) of remote interference makes it too costly.

same for everything else, too. does my fridge need to be? my tv?

Ok I read the translated article and it seems that what they found was the computer that controls the battery and inverter had a sim card in to to allow for firmware updates.

In theory the firmware could be updated to kill the bus but I couldn't see any mention of a function in the existing firmware kill the bus.

This "update firmware to kill" vulnerablity is present in any hardware that can be updated.

Sometimes it happens inadvertently when apple/Google brick a load of phones.

And that is why being electronically independent make sense. Unfortunately not is not always possible but these tests are easy to perform by forensics. That being said, include a clause in the contract specifying remote kill switches, investigate the product you are buying and return them if you find something related.

If you are a country this should be mandatory

Article says that investigators found no spying functions and no kill switch.

They "discovered" auto update function. Described scenario is of course possible (for every device with auto update function), but this is not a kill switch.

But I guess any reason is good for anti-Chineese FUD?

saying they "found a kill switch" is a bit alarmist IMO.

They found that over the air firmware updates are supported. Yes the manufacturer could in principle ship broken firmware, but there's no indication they built functionality specifically to disable the buses - unlike, say, European and North American car manufacturers, which build in features specifically designed for dealerships to disable a car if the buyer misses payments, sold *as a feature* to dealerships.

These kill switches are likely embedded in every chip-enabled product.

It's a national security problem. Spyware, control, & sabotage all in one.

But it's also part of a fossil fuel disinformation campaign to undermine renewable energy.

It's for accelerated planned obsolescence in household appliances, phones, computers, routers, vehicles, satellites, home heating, public lighting, electric grids, and solar & wind electricity generation.

reuters.com/sustainability/cli…

1/