this post was submitted on 05 Nov 2025
266 points (97.5% liked)
Cybersecurity
9074 readers
57 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There's a difference between consensual OTA updates (meaning the bus company would manually need to confirm the update) and non-consensual OTA updates (meaning it is done regardless of the bus company's wishes).
The Chinese buses are capable of the latter which is a gigantic security vulnerability. You do not want any operating system anywhere to update itself without consent.
Does Iveco(41%) or any other manufacturer with a meaningful market share do that?
https://www.iveco.com/global/Press/PressReleases/2021/IVECO-Over-the-Air-Update-the-smart-timesaving-way-to-update-vehicle-software
The language used here suggests to me that the user initiates the update, but that's as far as I can guess.
Operators of the chinese bus can pull the SIM card and reinsert it as desired as mentioned in the article, I'm not sure there is a meaningful difference if that is how the Iveco works.