The UK government has launched a security investigation into hundreds of Chinese-manufactured buses operating across England amid growing concerns about potential remote interference capabilities.
Security scrutiny intensifies
The Department for Transport and the National Cyber Security Centre are jointly examining buses made by Chinese company Yutong following similar investigations by Norwegian and Danish authorities. The probe aims to determine whether the vehicles could be vulnerable to external control or manipulation through their communication systems.
A Department for Transport spokesperson confirmed: "We are looking into the case and working closely with the UK's National Cyber Security Centre to understand the technical basis for the actions taken by the Norwegian and Danish authorities. The department takes security issues extremely seriously and works closely with the intelligence community to understand and mitigate potential risks."
International concerns emerge
The investigation follows alarming findings from Norway, where Oslo's public transport service Ruter discovered that Yutong buses could theoretically be "stopped or rendered inoperable" by the manufacturer. The Norwegian investigation tested two buses from Yutong and Dutch manufacturer VDL in a secure mountain tunnel facility to prevent remote tampering during assessment.
Ruter's examination revealed that Yutong buses have access to control systems for battery and power supply via mobile network through a Romanian SIM card, creating a potential vulnerability. However, the transport operator clarified that there was no evidence Yutong had attempted to control buses improperly, and confirmed that onboard cameras aren't internet-connected, eliminating video transmission risks.
Denmark subsequently opened its own investigation following the Norwegian findings, highlighting growing European concern about Chinese technology in critical infrastructure.
Widespread UK deployment
Yutong buses are extensively used across the UK, with operations in Bristol, Essex, Leicester, Nottingham, south Wales and South Yorkshire among other locations. The Chinese manufacturer, which began as Zhengzhou Bus Repair Factory in 1963, has exported nearly 110,000 buses to more than 100 countries, capturing over 10% of the global market.
The company's buses feature over-the-air software update capabilities, a common feature in modern vehicles that allows manufacturers to remotely modify software. While this technology provides convenience for both manufacturers and operators, digital security experts have long warned that such systems could present security or privacy threats from hostile states or criminal groups.
Yutong previously told the Sunday Times that it "strictly complies with the applicable laws, regulations and industry standards of the locations where its vehicles operate." The company didn't immediately respond to new requests for comment regarding the UK investigation.
Any evidence of actual interference by a Chinese manufacturer with bus operations would likely devastate China's vehicle export ambitions, a key industrial priority for Beijing. Meanwhile, Ruter has committed to imposing "even stricter security requirements in future procurements" as the international transport sector grapples with evolving digital security challenges.
