Electric buses manufactured by China’s Yutong Group have come under international scrutiny after Norway, Denmark, and the United Kingdom launched investigations into potential cybersecurity risks. Norwegian public transport operator Ruter recently revealed test results suggesting that Yutong’s electric buses could be remotely controlled, including the ability to halt operation or disable the vehicle — raising alarms over possible foreign interference.
The findings prompted Denmark’s Movia to begin its own inspection, while the UK Department for Transport confirmed it is working with intelligence agencies to assess and mitigate related risks.
In Australia, Yutong has delivered more than 1,500 buses since 2012, including about 145 electric models. Local distributor VDI noted that Australian buses typically undergo software updates at service centers, not remotely. Yutong also clarified that the models examined in Norway differ from those operating in Australia.
Still, cybersecurity experts remain concerned. Alastair MacGibbon, former head of the Australian Cyber Security Centre, warned that all connected electric vehicles maintain communication links with manufacturers, potentially allowing access to location data, microphones, cameras, and navigation systems — or even enabling remote shutdowns. He urged the Australian government to consider restricting Chinese-made electric vehicles in use by public servants, politicians, or near sensitive government sites due to potential national security risks.
The Australian Department of Defence responded that it employs multi-layered security measures to safeguard facilities and personnel. Yutong, for its part, reiterated that its vehicles in Australia do not support remote acceleration, steering, or braking control, and that all operational data is transmitted via local networks to an AWS data center in Sydney. The company emphasized its commitment to data security and privacy, promising full compliance with Australian cybersecurity standards.