Norway is experiencing a security shock: full control over a large part of its public transportation system is in the hands of a foreign manufacturer – and the operators were completely unaware of it. A secret test revealed that China not only has remote access and data access to the vehicles, but also that the manufacturer deliberately concealed this access. Nobody on site had any knowledge of the hidden control system. This discovery reveals a serious failure in cybersecurity and poses a significant threat to the safety of electric buses in the country. (ruter: 28.10.25)
Secret remote control from China
More than 1,350 Chinese electric buses are in operation in Norway. Around 850 of them are from Yutong. The transport company Ruter secretly investigated this type of vehicle in a disused mine and uncovered a scandal: a hidden SIM card with a connection to Romania allows unlimited remote control from abroad.
Doors could be opened or locked, engines could be switched off remotely, and their start blocked. Particularly alarming: The operators themselves had no idea about these backdoors. Yutong provided no information whatsoever about the possibility of remote control. Control of the buses thus lay undetected in China’s hands – without the consent or knowledge of those responsible in Norway.
Concealed Risk with Total Data Access
In addition to direct control, the access also included all technical parameters, error and diagnostic functions. All sensitive vehicle data could be viewed and retrieved remotely. This massive violation of data sovereignty was not only unexpected but deliberately concealed. Neither the transport authority nor the drivers had any indication of the manufacturer’s actual access rights. When it became apparent that a central infrastructure was being controlled remotely without the operators’ knowledge, Ruter reacted promptly and informed the Ministry of Transport.
Why did the manufacturer conceal the remote access?
The reasons for this concealment remain unclear. One thing is certain: transparency was clearly never intended. Such remote access creates not only technical but also political dependencies. Through a silently installed access system, the manufacturer can, if necessary, shut down or spy on critical infrastructure – a power factor that goes far beyond normal customer service. China’s manufacturers are thus granting themselves insights into and intervention capabilities in foreign transport systems, while local operators remain completely in the dark.
China’s Electric Bus Giant: Yutong
With more than 41,000 buses sold in 2021 and a massive market share in China, Yutong plays a defining role in global logistics. Exports to over 30 countries secure the company’s strategic influence. However, the incidents in Norway demonstrate that technical dominance becomes a risk when transparency is lacking.
Is European Public Transport at Risk?
Yutong buses are also in use in other European countries – including France, Spain, and Poland. Those who rely on green mobility must not lose control. The revelations from Norway highlight the urgent need for action: Only with technical scrutiny, vigilant risk management, and stronger cybersecurity can Europe prevent foreign manufacturers from exerting undue influence over critical infrastructure. Protection against covert control is crucial for maintaining independence in the digital age.