Warnings about ‘data security risk’ of Chinese car technology as US moves to impose ban
- A new report says the ‘UK public is still unaware of data security risks’
The public should be aware of the data security risk posed by Chinese electric vehicles, a new report warns.
The China Strategic Risk Institute report also warns the government of the need to “effectively mitigate” the national security risk they pose.
This follows news that the US plans to ban certain Chinese hardware and software in both fuel and electric cars due to safety concerns.
A new report from the China Strategic Risk Institute has warned that the public is unaware of the data security risk posed by Chinese electric vehicles
The China Strategic Risk Institute has said that the British public is largely unaware of the ‘dependency, disruption and data security risks posed by Chinese EVs’.
It says that ‘EVs are essentially computers on wheels’ and the problems lie in the fact that ‘the General Data Protection Regulation (GDPR) which governs privacy for computing services was not created with the geopolitical challenges of data extraction, exploitation and -appropriation of states’. considered ‘systemic rivals’ in mind’.
According to the CSRI, CIMs exhibit “significant vulnerabilities that allow a car’s functionality to be modified or disrupted by its own manufacturer or other actors.”
Because CIMs enable smart features in modern vehicles, a car can collect and analyze data, giving manufacturers control over the CIM.
The connection could also be misused by third parties, the report warns.
Regarding electric cars in particular, CRSI is concerned that an “influx of Chinese-made electric cars heavily equipped with Chinese-made CIMs” will allow a lot of data to be collected for surveillance purposes and create exploitable “dependency” on the PRC China.
While the focus is on electric vehicles, the CSRI points out that it’s not just electric vehicles, as CIMs enable these smart features “in modern vehicles, regardless of engine type.”
In late September, the US proposed a ban on Chinese automotive technology, which has now entered a comment period.
The ban would cover both hardware and software and would be the toughest protectionist measure yet to protect the US auto industry from cheap Chinese electric vehicles flooding the market.
The Biden administration has already imposed 100 percent tariffs on Chinese electric cars and the $7,500 consumer subsidy will not be available for vehicles with parts made in China.
While there is currently little use of Chinese or Russian software in American cars, the proposed ban is part of “targeted proactive steps” to protect the U.S., Commerce Secretary Gina Raimondo said.
In late September, the US proposed a ban on Chinese automotive technology, which has now entered a comment period
In a statement, she said: “Cars today have cameras, microphones, GPS tracking and other technologies connected to the internet.
“It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of American citizens.”
Software made in 2026, for 2027 model vehicles, and hardware for model year 2030 and later would be banned.
Ahead of the announcement, Chinese Foreign Ministry spokesperson Lin Jian said: “China opposes the US generalization of the concept of national security and discriminatory practices against Chinese companies and products.”
Examples of data security threats
In The threat to infrastructure from Chinese mobile (IoT) modules (CIMs) In an article from the Coalition on Secure Technology, Charles Parton OBE writes that if Chinese CIM manufacturers gain a monopoly, they “could obtain data from phones synced to car infotainment centers (the British security services discovered that data from the Prime Minister’s car were sent to China via a Chinese CIM)’ and ‘obtaining speeches and films from passenger cars (Tesla engineers were fired for doing exactly this)’.
