Sensitive content Click to open/close

US made John Deere tractors also have a kill switch and it has been used to disable some of them (in this case tractors stolen by Russian troops) remotely:

orchardandvine.net/news/john-d…

edition.cnn.com/2022/05/01/eur…

(EDIT: this was also mentioned briefly in the Danish article linked above)

John Deere ‘Kill Switch’ Renders Stolen Tractors Useless

John Deere has struck a blow against the Russian Army, in its war of aggression in Ukraine.

^{orchardandvine.net}

To be honest: I'd love a broad scale analysis of this. Few days ago it as a vacuum cleaner, now buses...

Test this in all things. From mobile phones to cars (don't care if Chinese, US or German), smart beds (well... actually leave these ones out. Who buys a bed that needs internet?!), switches, routers, water pumps, ....

I bet they'll find stuff in too many places.

Not just China doing this. I remember arstechnica.com/tech-policy/20…

It is generally not a good idea to give others control over apparatuses that you own.

Trains were designed to break down after third-party repairs, hackers find

The train manufacturer accused the hackers of slander.

^{Ashley Belanger (Ars Technica)}

Here's another article about this in German:

derstandard.at/story/300000029…

Chinesische Busse in Oslo könnten von China aus gesteuert werden – sie fahren auch in Amstetten

Die Verkehrsbetriebe der norwegischen Hauptstadt testeten im Sommer neu angekaufte Fahrzeuge. Auch in Dänemark und in Niederösterreich fahren die Busse

^{DER STANDARD}

The existence of a kill switch is one thing, but what's more fundamental here in the case of a bus is why on earth it has to be connected to the public internet in the first place?

It just doesn't make sense.

Peraphs not..

@randahl

We must ask ourself where this suspious comes from? I've get you a clue in the interview linked below.

Reminds me of Polish train manufacturer bricking their trains located close to independent repair shops.

So far, the only people suffering for this decision are the people that helped unbrick the trains in question.

hackaday.com/2023/12/14/polish…

This is not a China phenomenon but a greed one. Not to say that Chinese government doesn’t enjoy the results, just that I doubt they had to actively instruct anyone to include these kill switches.

Polish Train Manufacturer Threatens Hackers Who Unbricked Their Trains

A week ago we covered the story of a Polish train manufacturer who was caught using software to brick their products after they had been repaired by in independent railway workshop. Now 404 Media h…

^Hackaday

Tl;Dr

Chinese electric buses have independent outgoing Comms that are used for navigation and OTA updates.

These updates could be designed to disable the vehicle (or they could do it by accident).

As others have noted, pretty much all electronic devices (from doorbell cams and printers to trains and combat aircraft) from all manufacturers (western and Chinese) have this issue.

Good to check and worthwhile developing processes to firewall, monitor and control this access.

European option:

"The extensive network of IVECO BUS and IVECO service points guarantees support wherever a vehicle is operating worldwide. The manufacturer employs more than 5,000 people and has five factories, located in Annonay and Rorthais in France, in Vysoké Myto in the Czech Republic, and in Brescia and Foggia, in Italy."
ivecobus.com/france/La-Marque

Sad story, Alstom Aptis was manufacturing good electrical buses in Alsace, France, but due to low demand, they cease activities in 2021.
European Union countries should give priority to EU products so that OUR companies don't close and to prevent sad surprises.

fr.wikipedia.org/wiki/Alstom_A…

Alstom Aptis — Wikipédia

^{Contributeurs aux projets Wikimedia (Fondation Wikimedia, Inc.)}

Thanks for sharing this.

As much as I like tec, in spite of my decades of using it (I started as a mainframe op in the 1970s), I think we've let the horse bolt through the barn doors.

Kill switches are fantastic folks. The question is only about who controls the switch.

-- When the owner of the asset can control the kill, it is a boon for privacy, anti theft, and pro security.

-- When an adversary controls it, it is coercive, malicious, dangerous and predatory.

A Norwegian bus company wants to know if their buses could be abused by China in the case of war.
in the mine, investigators discover a Chinese kill switch which could destroy all Chinese buses.

BOLLOX

Thank you for replicating the ridiculous accusations. A sim card and update box was found.
That system is used in thousands of buses, trains, cars, tesla for example can be switched off from usa as can john deer tractors.

Isn't this a well known practice? Isn't Tesla doing the same with OTA sw updates, performance monitoring et.c. of the vehicles they manufacture?

But, I guess, we are all conditioned to see #US #technofascism as more acceptable, for some reason.

wow! clever investigation, thanks for this eye opener. I'm sure it is the same here in Aotearoa

it's almost as if trading with terrorist states was a bad idea in the first place.

The most thought-provoking thing about this article is that it highlights the absolutely wild level of sinophobia in scandinavia.

My wife's Volvo has remote firmware update functionality, is that a Swedish killswitch? Every one of the tens of thousands of Teslas in Denmark has remote update functionality, is that an American killswitch? Modern BMWs have remote update functionality, are those German killswitches?

I personally hate the techbroization of modern cars, and I believe that every one of these features should be regulated out of existence, but

it's amazing how this kind of stuff is accepted and normal in every part of our lives until a company based in China does it, and suddenly it's "😱 THE CHINESE GOVERNMENT HAS KILLSWITCHES IN OUR BUSSES 😱"

🙄

well, translation does not sound that scary and specific:

> " The Chinese electric bus contains a computer that, among other things, controls the bus's battery and engine, so the bus can most efficiently drive around Oslo. And this computer is – via a small sim card – on the Internet, so it can send information and sometimes retrieve an update back. For yes, a bus can be updated in exactly the same way as your phone."

TL;DR: remote tracking and updates which can be used maliciously

To be fair, my ten year old north american GM car has the same kind of remote "kill switch" vulnerability. It's there as a feature of the OnStar theft protection package that came with the car even though I'm not paying for it.

If the U.S. regime wanted to take over Canada, it could (potentially) order car companies to disable nearly every car and truck we have.
#autos #theftprotection #ElbowsUp

Sorry, unless we suddenly start to take non-elective OTA updates without safeguards such as independently reviewed, reproducible source code builds as the theoretical but very possible general threat that they are, I fail to see how this is special. Even more so because @briankrebs boosted it.

Vendor-forced OTA updates are an accepted practice. Attack the practice, not the practitioner.

never make america again shirt
viralstyle.com/shirtte/never-m…

viralstyle.com/shirtte/cat-smo…

To be fair: All Tesla's, and probably many other EV's on the market today have this same functionality.

It's not a "kill switch" directly, it's that the busses support OTA with full admin-rights directly from the manufacturer without user envolvement that could theoretically be used as a kill switch.

Now, if you read further on the "Lion Cage" project, that is scary shit.

Version of the story from The Guardian.

Danish authorities in rush to close security loophole in Chinese electric buses theguardian.com/world/2025/nov…

Danish authorities in rush to close security loophole in Chinese electric buses

Investigation launched after discovery that Chinese supplier had remote access to vehicles’ control systems

^{Miranda Bryant (The Guardian)}