The most thought provoking article I have read this week:
A Norwegian bus company wants to know if their buses could be abused by China in the case of war.
So they drive two buses deep into a limestone mine to isolate them from the internet and forensically investigate how they work.
In the mine, investigators discover a Chinese kill switch which could destroy all Chinese buses.
In Denmark, that is 57 percent of the bus fleet.
Source (Danish):
@titanmanfred @randahl John Deere tractors aren't cheap, to buy or to repair.
I wonder where the Chinese got the idea of software/IP lock in from?
https://pluralistic.net/2022/08/15/deere-in-headlights/#doh-a-deere
@titanmanfred @randahl just to amplifiy this point. Nearly all internet connected devices have a kill switch.
Teslas have a kill switch
Your ISP supplied router has a kill switch
Your phone has a kill switch
Your Windows computer has a kill switch
Your programmable bed has a kill switch
Your robot vacuum has a kill switch
Your MS Mail account and your Bank account has a kill switch (ask ICC judges)
Your data in the US owned cloud (even if hosted in Europe) has a kill switch
F35 planes, NATO donated to Ukraine, have a kill switch.
Your Polish locomotive has a kill switch (activated if you try and use an independent repair shop).
All these have been mentioned in the news and in the Fediverse recently.
Most of these are controlled by US or Chinese companies. Particularly with Trump in charge and alll the tech Billionaires subbing him are you sure that the American ones are less lilkely to be used against you by the USAian companies than the Chinese companies to disable your kit and maybe your life?a
@randahl US made John Deere tractors also have a kill switch and it has been used to disable some of them (in this case tractors stolen by Russian troops) remotely:
(EDIT: this was also mentioned briefly in the Danish article linked above)
@martinvermeer Right. Though I think it's somewhat misleading to talk about a "kill switch" in these cases. These devices simply have a remote update mechanism that is normally used to push firmware updates and it's possible to use that mechanism to send an update that bricks the whole machine. A "kill switch" doesn't have to be an explicit part of the design, just a consequence of being able to send software updates.
@randahl To be honest: I'd love a broad scale analysis of this. Few days ago it as a vacuum cleaner, now buses...
Test this in all things. From mobile phones to cars (don't care if Chinese, US or German), smart beds (well... actually leave these ones out. Who buys a bed that needs internet?!), switches, routers, water pumps, ....
I bet they'll find stuff in too many places.
@jesterchen @randahl here's one, everthing is Chinese: solar panel infrastructure: https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/
There were suggestions badly managed solar inverters contributed to the widespread blackouts around Spain this summer.
@janvenetor @jesterchen @randahl I've also heard from people in the industry that the jump to blame renewables by the usual suspects was predictably completely made up and untrue.
I forgetthe details but it was basically under maintained older infrastructure in the interconnectors between regions and countries.
@mossman @jesterchen @randahl yes, and renewable utilities place more demands on the already thinly spread and unmaintained infrastructure..
Suddenly losing large percentage of production will cause blackouts.
(I've been a huge PV fan for more than a decade
, when it was evident it will wipe the floor with all other forms of electricity.
Building any infra on internet of shit, chinese and/or networked components will still backfire.)
@mossman @janvenetor @jesterchen @randahl
The former head of the Spanish grid operator, a big renewables proponent, said explicitly afterwards that he had been telling the government all during his tenure that the additional grid stress caused by wind and solar coming on and off were going to require substantial investments in transmission and switching, or there were going to be spectacular large-scale failures ; and every budget year the treasury kept putting him off.
@mossman @janvenetor @jesterchen @randahl
Here is the factual report if you want to read it.
@randahl Not just China doing this. I remember https://arstechnica.com/tech-policy/2023/12/manufacturer-deliberately-bricked-trains-repaired-by-competitors-hackers-find/
It is generally not a good idea to give others control over apparatuses that you own.
you have plenty of this, everywhere
one of my favorite is farmers using hackers to be able to self-repair their tractors...
https://copperhilltech.com/blog/farmers-are-hacking-their-tractors-because-of-a-right-to-repair-ban/
For decades, American farmers have been at the mercy of agricultural equipment manufacturers, who have locked down their tractors with proprietary software, restricting repair options and forcing owners to seek expensive, manufacturer-approved service providers. In response, a growing number of farmers are resorting to hacking their own tractors, using underground software tools and firmware modifications to regain control of their equipment. At the heart of this battle is the right to repair—an issue that has implications far beyond agriculture. The Right to Repair Controversy Modern tractors, such as those produced by John Deere, Case IH, and other leading brands, are no longer just mechanical workhorses; they are complex, software-driven machines. Manufacturers argue that restricting access to proprietary software is necessary for safety, emissions compliance, and intellectual property protection. However, this has left farmers unable to diagnose or fix even minor issues without paying hefty fees or waiting for authorized service technicians, which can be costly and cause delays during crucial planting and harvesting seasons. The right to repair movement advocates for legislation that would grant farmers access to diagnostic tools, software, and replacement parts, allowing them to fix their own equipment or seek third-party repairs. While some states have passed right to repair laws, the agricultural sector remains a battleground due to manufacturer resistance. How Farmers Are Fighting Back In response to these restrictions, farmers and independent technicians have turned to hacking solutions to circumvent manufacturer-imposed software locks. This often involves modifying firmware, using cracked versions of diagnostic software, or sourcing repair tools from black markets in Eastern Europe and China. One of the most popular underground tools is an unauthorized version of John Deere’s Service Advisor, a diagnostic program that allows technicians to troubleshoot and repair tractors. By using these hacked tools, farmers can bypass manufacturer restrictions, unlock hidden features, and make repairs that would otherwise require a costly service call. The Role of SAE J1939 in Tractor Hacking A critical piece of the puzzle in tractor hacking is the SAE J1939 protocol. SAE J1939 is an industry-standard network communication protocol used in heavy-duty vehicles, including agricultural machinery. It is built on the CAN (Controller Area Network) bus system, which allows electronic control units (ECUs) within a tractor to communicate with each other. For farmers and independent mechanics, access to SAE J1939 data can be a game-changer. It allows them to retrieve diagnostic trouble codes (DTCs), monitor engine performance, and even override certain restrictions imposed by manufacturers. Some enterprising farmers have developed custom software and hardware tools to interface with the J1939 system, enabling them to reprogram ECUs or unlock proprietary functions that are otherwise hidden behind manufacturer restrictions. Hacking J1939-enabled tractors typically involves connecting a laptop or diagnostic tool to the tractor’s CAN bus via an OBD-II or 9-pin diagnostic port. With the right software, farmers can analyze the data stream, identify faults, and apply fixes without needing a manufacturer’s approval. However, this practice exists in a legal gray area, as modifying ECU firmware may violate software license agreements or the Digital Millennium Copyright Act (DMCA). Legal and Ethical Implications The hacking of tractors raises significant legal and ethical questions. While farmers argue that they should have full ownership over their equipment, manufacturers counter that unauthorized modifications could lead to safety hazards, increased emissions, or even liability issues. The DMCA's anti-circumvention provisions currently criminalize the act of bypassing software locks, even for legitimate repair purposes. However, advocacy groups such as the Repair Association and Public Knowledge have been pushing for exemptions that would allow farmers to legally access and modify their tractor software. In recent years, lawsuits and legislative efforts have brought attention to the issue. In 2022, John Deere signed a memorandum of understanding (MOU) with the American Farm Bureau Federation, pledging to provide farmers with greater access to repair tools and software. However, critics argue that this agreement lacks legal enforcement and does not go far enough in guaranteeing farmers' rights. The Future of Right to Repair in Agriculture The fight for the right to repair is gaining momentum. Several U.S. states, including Colorado and New York, have passed right to repair laws covering agricultural equipment. At the federal level, the Fair Repair Act has been proposed to mandate broader access to repair tools across various industries. Farmers, mechanics, and advocacy groups continue to push for stronger protections that would ensure that equipment owners have full control over the machines they depend on. Until comprehensive right to repair laws are enacted, hacking may remain a necessary, albeit risky, solution for farmers who refuse to be locked out of their own equipment. Conclusion The battle over tractor repair rights underscores a larger conflict between corporate control and consumer ownership. As manufacturers tighten their grip on agricultural technology, farmers are fighting back with ingenuity, hacking skills, and grassroots activism. The SAE J1939 protocol has emerged as a key battleground in this fight, offering both an opportunity for empowerment and a potential legal minefield. With the future of farming increasingly dependent on software-driven machinery, the outcome of the right to repair debate will shape the agricultural industry for generations to come. Whether through legislation, legal battles, or underground hacking efforts, farmers are making it clear: they will not surrender their right to fix the tools of their trade. SAE J1939 to USB Gateway for Network Analysis The SAE J1939 gateway provides a comprehensive solution for monitoring, simulating, and recording any Parameter Group Number (PGN) as specified in the SAE J1939-71 standard. Additionally, it supports the analysis of diagnostic messages in accordance with the SAE J1939-73 standard, making it a versatile tool for troubleshooting and performance optimization. To enhance usability, the gateway is fully compatible with our free JCOM1939 Monitor software, a powerful Windows-based application designed for SAE J1939 monitoring, in-depth analysis, and ECU simulation. This software allows users to visualize real-time data, decode network traffic, and perform advanced diagnostics, making it an essential tool for engineers, developers, and technicians working with SAE J1939 systems. More Information...
@ArtHarg @randahl https://codetiger.github.io/blog/the-day-my-smart-vacuum-turned-against-me/
Vacuum cleaners have kill switch as well
Would you allow a stranger to drive a camera-equipped computer around your living room? You might have already done so without even realizing it. The Beginning: A Curious Experiment It all started innocently enough. I had recently bought an iLife A11 smart vacuum—a sleek, affordable, and technologically advanced robot
We've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you...
English explanation of the same story:
https://cybernews.com/security/norway-china-electric-buses-remote-control/
// @randahl
@randahl Is this really surprising?
And, btw, don't you think the US (or Russia) don't do the same?
Time for Europeans to grow up, to stand up and get their balls unleashed from whoever hold them tight! 🙂
The article I read in English said "disable". In war-speak (Mission Task Verbs) I expect they could Degrade, Deny, Disrupt, or Neutralize.
Realistically direct china-norway conflict is improbable. If I were China, I'd just sell details of any security weaknesses of the system to the Russians.
If I were an infrastructure company (like busses) I'd try very hard not to buy electronics from a police-state. Easier said than done I'm sure!
https://cybernews.com/security/norway-china-electric-buses-remote-control/
#war #norway #infosec #bus #publicTransport #infrastructure #cyberResilience #sovereignty
That makes sense.
@randahl
Here's another article about this in German:
@randahl
The existence of a kill switch is one thing, but what's more fundamental here in the case of a bus is why on earth it has to be connected to the public internet in the first place?
It just doesn't make sense.
@shadowdancer @randahl They need to access the operator's network, so dispatchers know where each vehicle is (and this information can also feed real-time tracking for travelers). Outside of cities you cannot use radio as it would be too expensive and unreliable, the most practical solution is to use the public GSM network.
The issue at play here is the reliance on proprietary third-party software, usually packages that combine both dispacher software and ticket handling. These include remote updates (you cannot have maintenance technicians or drivers run around with computers or even USB drives, it's not practical), so unless you have full control and full trust over that software your fleet now has remote kill switches.
One solution is to make all the required software in-house, but most public transports operators are too small to handle such development and the associated costs. LeTEC in Belgium has been doing this for the past 15 years, for a fleet of 3000 vehicles. It's a lot of work.
What we need is a pan-european cooperative to build these systems for all operators.
Peraphs not..
We must ask ourself where this suspious comes from? I've get you a clue in the interview linked below.
Randahl Fink
Raimund Eder
Manfred
C.Suthorn 
MarjorieR
Ed Bridges
⁂ Fish Id Wardrobe
Kenner
Radler
Leeloo
Osma Suominen
Martin Vermeer FCD
Osma A 🇫🇮🇺🇦
Bernard
jesterchen42
Janne
mossman
The Penguin of Evil
publius
Pēteris Krišjānis
Raglan Niall 
Arthur van der Harg
Nicolas Fournier
Howard Chu @ Symas
Steve Hill 🏴🇪🇺
Todd Knarr
amackif
Alexander Goeres 𒀯
Benjamin Kwiecień 🇵🇸
tootbrute
Greg Harvey 🌍
Thierry Van Kerm
doboprobodyne
Christian Klüber-Demir 🏈
Sindastra 
:femin:🏴☠️
panu
Matt
JKB
umberto aisone
prince lucija
ScaredyCat