In cities across Australia, fleets of nice-looking electric buses quietly ferry thousands of commuters each day. But new warnings from cybersecurity experts have transformed what once looked like a clean energy success story into a geopolitical flashpoint.
Officials in Australia and the United Kingdom now say some Chinese-made buses may contain code that theoretically lets the buses’ manufacturer shut them down remotely via a so-called “kill switch.”
The revelation has renewed global fears about foreign-controlled technology embedded in critical infrastructure.
The spotlight is on the Yutong-made battery-electric buses. It’s a major Chinese manufacturer whose vehicles have been widely purchased in Australia’s capital, Canberra, and other jurisdictions.
British reports, citing tests by the UK’s National Cyber Security Centre and Transport for the UK government, found that similar models in Europe could be accessed remotely by the manufacturer’s systems, including diagnostics and software updates, and that, theoretically, such access could be used to stop a bus’s drive system.
Image Credit: Yutong Australia.
This marks a dramatic escalation in cyber-risk warnings tied that aren’t about phone networks or internet routers but about public transit vehicles. Transport Canberra reportedly responded by launching a fresh investigation into cybersecurity risks linked to the buses, following the British analysis and earlier flags from Norwegian transit authorities who found what they termed a functional remote shutdown capability during tests.
To cyber researchers, the worry is not that a Chinese government operator is now flipping switches in real time, since there aren’t any confirmed cases of foreign actors actively disabling buses. The concern is that the vulnerability exists at all in imported vehicles that operate on public streets and, in some cases, carry government employees and personnel.
“This isn’t just about buses,” Australian cybersecurity expert Alastair MacGibbon told local media. “It goes to how much control is embedded in the technology we import, and whether those controls could be abused.”
Hits Too Close to Home
Image Credit: Yutong Australia.
This episode in neighboring Australia (ally, we mean) reads like vindication for policymakers in the US who have long sounded the alarm over dependencies on Chinese technology.
Transport Secretary Sean Duffy and other hardliners have repeatedly asserted that Chinese-linked vehicles and connected technologies pose unacceptable security risks — even going so far as to say China should never sell cars (or similarly connected vehicles) on American roads “as long as I have breath in my body.”
While those comments were dismissed as bluster by critics, the Australian “kill-switch” story has suddenly given them a concrete, globally reported incident to point to.
In Washington, the Biden administration tightened restrictions on connected vehicles containing Chinese software or hardware, with new rules designed to ban such imports by model year 2027 — a response to precisely the kinds of national security vulnerabilities highlighted by the Australian case.
Image Credit: Yutong Australia.
Opponents of these policies argue that connectivity features, including remote diagnostics and over-the-air updates, are standard across the global auto and transit industries, not unique to Chinese manufacturers.
Indeed, any modern vehicle with internet connectivity might in theory be accessed remotely, whether made in Beijing, Detroit, or Tokyo. Critics in China have taken to global media to warn that U.S. bans could backfire by raising costs and supply chain challenges for American automakers dependent on global components.
But for many U.S. national security experts, the defining issue isn’t simply connectivity but control. If a foreign company can access the mission-critical systems of vehicles running on public streets — or the energy grids, solar inverters, or AI systems that undergird modern life — then that access becomes a lever that adversaries could exploit during crises.
Global Security, Local Streets
The Australian episode has already spurred official reviews of every Yutong model in service. Transport Canberra officials insist there is no immediate operational concern based on current investigations, and that local buses are updated via physical service centers rather than remote connectivity.
But the warning’s broader resonance has rippled through capitals from London to Canberra, Oslo to Washington: as nations electrify their transit fleets and embrace connected vehicles, they must also reckon with who controls that connectedness.
And for American lawmakers who warned loudly (and, in the eyes of some, prematurely) that Chinese technology on wheels isn’t just another import, this moment may well feel like a long-anticipated reckoning.