There are increasing worries that China could be leveraging its high-tech electric vehicles for espionage. These cars, packed with advanced sensors and internet connectivity, have the capability to gather extensive data, such as personal and biometric information, along with location details. The fear is that the Chinese government might misuse this data, sparking serious concerns about national security and privacy. As these vehicles become more widespread, the discussion around their safety grows more urgent.
Recent reports indicate that a popular electric vehicle brand in Australia may have a hidden backdoor, allowing the manufacturer to eavesdrop on conversations. This revelation comes on the heels of a month filled with alarming technological warfare incidents, underscoring the security concerns associated with electric vehicles. A BYD car owner, from the Chinese electric vehicle brand, has alleged that the car’s software can listen to his conversations. The reality is that any internet-connected device has the potential to collect and misuse user data, particularly when dealing with a sophisticated and potentially adversarial entity like China. This situation highlights the urgent need for robust cyber security measures to protect user privacy and national security. As these vehicles become more prevalent, ensuring their security becomes increasingly critical to prevent potential exploitation and safeguard sensitive information.
Imagine you’re tasked with a critical decision: should the United States and other countries accept the potential espionage and disruption risks in exchange for trade and economic benefits? Some might find the trade-off tempting, while others may downplay the risks. However, the threat posed by cars connected to China is clear and cannot be ignored. The challenge lies in balancing economic gains with the imperative to safeguard national security and privacy.
Here’s the situation: The U.S. Department of Commerce is targeting two key technology categories—vehicle connection systems (like Wi-Fi and telephones) and automated driving systems. These areas have been flagged as high-risk. Consequently, there will be bans on these technologies if they are manufactured in China, which could also impact European carmakers using Chinese components for communication modules. The decisive factor for this action seems to be China’s successful attempt to install malware on U.S. critical infrastructure networks.
A significant risk with automated driving systems is the potential for Chinese entities to remotely control vehicles, causing crashes or stalls. For over a decade, concerns about networked cars have persisted, with car hacking being a frequent demonstration at Black Hat hacker conferences. Despite these fears, such an event has never happened and remains complex to execute. While the idea of a hostile power stopping all connected cars during a crisis is conceivable, it appears somewhat improbable and random in practice.
The likelihood of using a car’s connectivity system for espionage is quite high. These systems, which enable calls, texts, and navigation, could be exploited to record conversations and transmit them elsewhere. Additionally, cars that connect to the power grid for recharging could provide access to critical infrastructure. Similar to incidents where virtual assistants inadvertently recorded home activities, this data could be misused. China has multiple ways to exploit this information. One method might involve compiling a list of all technology owners and filtering it for valuable targets. Alternatively, they could record everything and later use advanced software to identify relevant data. The decision hinges on the cost of each option, not its feasibility.
Spying through connected cars is an extension of mass communication surveillance, a field where China excels. Those familiar with Snowden’s revelations can easily envision this scenario, given China’s extensive domestic surveillance capabilities. For example, China once wired the entire African Union headquarters, showing that neither scale nor audacity is a barrier. While countries will debate the regulations for accessing data from connected cars, these discussions won’t deter foreign espionage efforts. China’s actions highlight the need for robust cyber security measures to protect against such threats.
It’s widely recognized that Chinese laws mandate companies to assist their intelligence services. Initially, China banned connected Tesla cars from sensitive areas, but this ban was lifted after high-level lobbying and assurances from the Chinese auto industry association that Tesla complied with China’s data collection regulations. However, other restrictions on connected cars like Teslas in sensitive areas seem to persist. The new U.S. regulations could provoke a similar reaction from China, potentially leading to restrictions on foreign cars in sensitive locations.
This sort of connection-collection problem will only increase as more connected devices (also known as the Internet of Things) enter into use and offer expanded new opportunities for espionage and disruption. Things as innocuous as internet-connected fish tanks have been hacked by criminals; cars are simply the next step for well-resourced states. Better privacy rules and cyber security requirements address part of the issue, but not the problem of sophisticated foreign adversaries. For the foreseeable future, bans are likely the only effective way to reduce risk.