A security inquiry launched after Norway raised concerns about Chinese Yutong electric buses revealed that hundreds of similar buses operating in Britain could be remotely disabled by China via a ‘kill switch’ embedded in the software connected to onboard SIM cards. The UK Department for Transport and National Cyber Security Centre (NCSC) have identified this risk, though government experts state no concrete evidence exists that the function has been used or that the buses can be remotely controlled through their main driving systems. Around 700 Yutong buses are in operation across Britain, employed by major transport groups such as Stagecoach and First Bus. Meanwhile, the UK government is pushing for increased Chinese investment despite the security concerns. The NCSC has confirmed it’s technically possible for the buses to be shut down remotely but has not implemented bans on the vehicles, citing lack of concrete evidence and diplomatic considerations. Local authorities such as Nottingham City Council have fully adopted Yutong electric buses. The manufacturer, based in Zhengzhou, China, says the vehicles cannot be controlled remotely as the internet-enabled software is not linked to critical driving controls. Officials at the Department for Transport said they are working closely to understand and mitigate potential risks. No plans exist to place explicit security warnings on buses in the UK, though other countries like Norway have taken protective measures.
Category: Cyber & Information Warfare
Subcategory: Cyber Attacks
Incident Type: Attacks on critical infrastructure (energy, transport, hospitals)
Country: United Kingdom
Source report: www.telegraph.co.uk/news/2026…
