The ACT Government has launched an investigation into its Chinese-made Yutong electric buses after reports from Europe suggested the manufacturer could remotely disable the vehicles.

Concerns were first raised in Norway, where transport authorities discovered hundreds of Yutong buses they had recently purchased were fitted with systems allowing the company to perform remote software updates and diagnostics.

The discovery has triggered similar reviews in Denmark and now Australia.

MORE: China’s EV dumping ground ‘ignored’

Transport Canberra confirmed it is working with local distributor VDI Australia and federal agencies to determine whether the findings apply to the 96 Yutong buses currently operating in the ACT.

“Transport Canberra and Digital Canberra have commenced further investigation and are working with the local distributor, VDI Australia on actively assessing the validity of these reports as it pertains to ACT owned buses,” a Transport Canberra spokesman said.

“All due diligence activities were performed with this product and supplier before the fleet went into operation.”

Authorities stressed that the Norwegian buses are not the same models used in Canberra.

However, this is the second time in less than a year that the ACT has examined its Yutong fleet.

Earlier this year, Transport Canberra investigated allegations that batteries used in Yutong buses could be linked to forced labour in China’s Xinjiang region.

After a review, it was found that no evidence of modern slavery had been found in the supply chain.

MORE: US bans Chinese car tech over security concerns

In Norway, public transport agency Ruter found the Yutong buses could be accessed remotely, via a ‘kill switch’ to control the bus’s battery and power supply through a mobile network via a SIM card.

“In theory, this could be exploited to affect the bus,” Ruter said in a report.

While Ruter said there was no sign Yutong had ever attempted to control or disable the vehicles, it warned that the capability existed.

“This bus can be stopped or rendered inoperable by the manufacturer,” its report further stated.

Ruter has since tightened its cybersecurity requirements for future bus purchases while Denmark’s transport authorities continue their own investigation into the same issue.

Yutong told the ABC it “strictly complies with applicable laws, regulations and industry standards” in every country where it operates.

MORE: Car makers slammed over privacy issues

Yutong Australia has delivered more than 1500 vehicles locally since 2012, including 133 battery-electric city buses and several electric coaches.

And according to Transport Canberra, all buses operating under their jurisdiction perform software updates locally and “within a controlled environment”.

While VDI Australia confirmed to Australian media that its buses have over-the-air capability, updates in Australia are performed manually and only with customer approval.

Transport for NSW also operates 26 Yutong electric buses, with another eight participating in regional trials, and says it is monitoring the issue.

“Transport for NSW is aware of media commentary regarding Yutong electric buses,” a Transport for NSW spokesman said.

“Safety is our number one priority, and all buses purchased by Transport are required to meet strict Australian Design Rules (ADRs), relevant safety standards, and Transport’s Bus Procurement Panel Number 4 (BPN 4) specification requirements, which include cybersecurity provisions.

“Transport continues to work closely with suppliers to ensure compliance with all relevant safety and cybersecurity standards.”

The concerns come amid growing warnings about cybersecurity risks in electric vehicles.

Former national cybersecurity adviser and CyberCX executive Alastair MacGibbon has previously described modern cars as “listening and surveillance devices”, arguing Chinese-made EVs could pose significant national security risks if exploited.

He said allowing large numbers of Chinese-built EVs onto Australian roads was inconsistent with past security decisions.

I’ll tell you what will have bigger political and economic consequences: when these devices are turned off, or when we realise the extent of the mass surveillance occurring through them,” he said.

“Then we’ll rue the day we didn’t make tough but logical choices about where we allow these technologies to be used in our economy and society.”

More Coverage

Aussie favourite surrenders to China

Iain Curry

China’s ‘perverse dumping’ in Aus ‘ignored’

Danielle Collis, James Chung

Originally published as ‘Kill switch’: Aussie buses face ‘China hacking threat’’