Home > Security > Security News

Smart Bus Travellers May Have Their Data Stolen, Routes Changed and Onboard Camera Accessed Due to Wi-Fi Security Gaps

Published
Written by:
Vishwa Pandagle
Vishwa Pandagle
Cybersecurity Staff Editor
Bus - Passengers

Security researchers uncovered smart bus flaws that could be exploited to track their location, access cameras, and even alter their GPS data, disrupting schedules.

Moreover, routers lacking encryption, network segmentation, or adequate authentication expose passenger and driver data to the risk of theft. Vulnerabilities such as command injections and an MQTT backdoor could also allow attackers to gain access to the smart bus.

Exploiting APTS and ADAS 

Researchers at DEF CON found that free passenger Wi-Fi shared with onboard systems like APTS and ADAS could be exploited, and routers lacking encryption, segmentation, or strong authentication leave passenger and driver data vulnerable to theft.

Advanced Public Transportation Services (APTS) handle bus routes, schedules, and passenger updates, while Advanced Driver Assistance Systems (ADAS) use sensors and cameras to support drivers, prevent accidents, and improve overall safety.

Chiao-Lin ‘Steven Meow’ Yu of Trend Micro Taiwan told SecurityWeek, “Once an attacker understands the protocol via packet analysis or similar methods, it is possible to perform attacks from the internet without needing to be physically present on the bus.”

Since APTS is coordinated through a central system, when this network is linked to the public Wi-Fi, travelers using the service could be exposed to remote cyber threats, which was demonstrated by researchers who bypassed the router’s authentication, a Security Week report read.

Risk to Smart Bus Operations from Unsecured Onboard Wi-Fi

When hackers target onboard displays and gain access to a transportation company’s servers, they can manipulate messages, disrupt schedules, and interfere with operations. 

By accessing driver information, they could even impersonate them, posing serious safety and security risks for passengers and the transit network, both online and offline.Stolen passenger travel data could open doors to further exploitation, as viewed in the KLM breach. Latest findings point to a threat actor putting customer support data on sale on the dark web, allegedly from the airline’s loyalty CRM, following Air France-KLM’s recent supply chain attack.

Add a Comment
Related
Customer Support - Help Desk
Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale
School - Students - Building
Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised
PACER Hack Exposes Sensitive Data in Sweeping ‘Administrative Office of U.S. Courts’ Cyberattack 
Data Breach - Lawsuit
Optus Faces 2022 Data Breach Lawsuit Initiated by Australian Information Commissioner
Google - Model
Promptware Vulnerability Exposes Google Home Devices to Gemini AI Exploits
Facebook Woman Pixel
Clickjack Trojan Campaign Exploits Facebook Users to Promote Adult Websites 
Most Popular
Customer Support - Help Desk
Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale
School - Students - Building
Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised
NordVPN Launches Is it down- A User-Based Website Outage Tracker
NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker
Shield - Piracy - Skull - Door
CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites
PACER Hack Exposes Sensitive Data in Sweeping ‘Administrative Office of U.S. Courts’ Cyberattack 
Data Breach - Lawsuit
Optus Faces 2022 Data Breach Lawsuit Initiated by Australian Information Commissioner
Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale
Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised
NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker
CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites
PACER Hack Exposes Sensitive Data in Sweeping ‘Administrative Office of U.S. Courts’ Cyberattack 
Optus Faces 2022 Data Breach Lawsuit Initiated by Australian Information Commissioner

Most Popular
Customer Support - Help Desk
Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale
School - Students - Building
Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised
NordVPN Launches Is it down- A User-Based Website Outage Tracker
NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker
Shield - Piracy - Skull - Door
CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites
PACER Hack Exposes Sensitive Data in Sweeping ‘Administrative Office of U.S. Courts’ Cyberattack 
Data Breach - Lawsuit
Optus Faces 2022 Data Breach Lawsuit Initiated by Australian Information Commissioner
Targeting Customer Support: After Air France and KLM Confirm Supply Chain Attack, Dark Web Vendor ‘Chucky_BF’ Puts Airline CRM Data for Sale
Kokomo24/7, a Vendor for the Los Angeles Unified School District Hit by a Cyber Attack, Network Files Likely Compromised
NordVPN Launches "Is it down?"- A User-Based Website Outage Tracker
CyberGhost, ExpressVPN, NordVPN, ProtonVPN, Surfshark VPNs Ordered to Block More Pirate Sites
PACER Hack Exposes Sensitive Data in Sweeping ‘Administrative Office of U.S. Courts’ Cyberattack 
Optus Faces 2022 Data Breach Lawsuit Initiated by Australian Information Commissioner

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2025 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: