Chinese exported buses can be stopped via remote control from China. Can its defence equipment be controlled from afar too?

It has emerged that China-made vehicles exported to foreign countries can, in theory, be stopped or switched off via remote access from China. This raises the question: Can Chinese defence exports also be controlled remotely? The issue of remote control came to light in Norway, where public transport authorities discovered their buses could be accessed from abroad.

Norway electric buses can be stopped remotely

Ruter, Oslo’s public transport operator, found during a security audit of Chinese-made Yutong electric buses that the vehicles had embedded mobile network connections and remote software access. This allowed the manufacturer to perform diagnostics and updates, which means the buses could potentially be disabled remotely. In response, Ruter removed SIM cards from the buses’ modems to mitigate the risk.

Denmark reviews Chinese-made buses over remote access fears

Denmark’s Movia launched a review of its Chinese-made bus fleet.

No actual remote disabling incidents have been reported, but the situation highlights that exported vehicles can have embedded remote access, ostensibly for maintenance or diagnostic purposes.

Remote access in military equipment: A potential worry for future

Chinese export drones, such as the Wing Loong series, include ‘geofencing technology’ that prevents their use in Chinese airspace. If a drone crosses a restricted boundary, it can automatically stop or return to its launch point. These features are intended to prevent misuse against China, but demonstrate that exported military equipment can incorporate mechanisms for limiting or controlling their operation.

Fighter jets, frigates can have remote software update features

Chinese-made fighter jets, such as the JF-17 jointly produced with Pakistan, include advanced avionics and data links that support over-the-air software updates and diagnostics. Analysts have warned that chips and systems from China could theoretically include backdoors. However, there is no verified evidence of China remotely controlling or disabling exported jets.

Chinese-built frigates, such as the Type 054A/P class sold to Pakistan, integrate networked systems for software updates and diagnostics, which could theoretically allow remote access, though no incidents have been reported.

Why China embeds remote access

In civilian products like buses, remote access is generally intended for maintenance and fleet management. For military exports, buyers often require co-production, local maintenance, and restrictions on supplier access to reduce the possibility of remote control. Nonetheless, the presence of remote-access capabilities and geofencing demonstrates that China has the technical ability to embed controls into equipment it exports.

The cases involving China-made vehicles provide examples of built-in remote access that could potentially allow the manufacturers to disable them. They highlight supply-chain and software vulnerabilities. Buyers of both civilian and military equipment are now paying closer attention to digital and software security as part of overall procurement risk assessments