In April, U.S. lawmakers urged President Joe Biden to ban Chinese-built electric vehicles (EVs), labeling them an “existential threat to the American auto industry.” The proposed ban arose from concerns that Chinese car makers have an unfair advantage due to government financial support.
Following a months-long investigation into digital connections that could enable Chinese spying and sabotage, the Biden administration recently proposed new rules to ban Chinese-made vehicles. The threats they cite stem from built-in internet connectivity for software updates and various remote controls.
Is the U.S. justified in aiming to ban Chinese-made cars over national security issues, and should Australia follow suit? Remote access and data transmission are an integral part of Chinese cars, but the same is true of modern vehicles made in most countries.
However, Australia’s relationship with Beijing has been rocky at times. Therefore, it’s vital to understand what data is being sent to China and how any vehicles sold in Australia are vulnerable to remote access and control.
Convenience as a double-edged sword
Many car makers offer remote services, including control over vehicle functions. These features are convenient but raise concerns about control, privacy, and security.
Modern cars are like computers on wheels. They collect data about the vehicle and the driver that can be accessed remotely or during servicing. Computerized control systems and monitoring (also known as telematics) have become widespread.
Whether the car is electric or petrol-fueled, the concern is who can access all that data and how. If it’s not sent over the Internet, but simply downloaded and analyzed at the local garage, that’s arguably less concerning.
OnStar, a subsidiary of General Motors launched in 1996, pioneered vehicle telematics and remote connectivity. U.S. law enforcement and intelligence agencies have previously used OnStar’s services to track vehicles, listen to in-car conversations, and even slow down vehicles during pursuits.
It’s now common for car makers to deliver updates, new features, and performance improvements remotely. Volkswagen’s connected service app includes remote start, door lock, vehicle status checks, roadside assistance, vehicle health reports, and service scheduling.
Similar apps exist for Ford, Mazda, and BMW cars, among others. Earlier this year, police allegedly used an app tracking feature to retrieve a stolen Ford Ranger in Melbourne.
Haval and GWM, two Chinese car manufacturers, also offer connected services for their electric and petrol vehicles in Australia. In some GWM cars, “T-Box” telematics hardware allows connection to the Internet. If activated through the manufacturer’s app, GWM ConnectServices collects temperature, battery status, estimated range, mileage, tire pressure, and location. It can also remotely control locks, headlights, and other features.
Privacy concerns over Internet-connected cars have been widely reported before. But the latest commentary goes beyond this, implying national security risks. Due to so much connectivity, it’s possible for hackers or even nation-states to attack connected vehicles.
Coalition member Barnaby Joyce expressed concerns China could weaponize remote access to its EVs for “malevolent purposes.” This worry stems from the fact that in Australia, more than 80 percent of EVs sold are manufactured in China (this includes Tesla models).
Between reality and science fiction
Security experts have raised concerns about China being able to collect driver geolocation and behavioral data, especially in military settings. In the U.S., car-based espionage concerns have prompted investigations into foreign-made hardware and software.
To find out whether Chinese cars have actually been used in espionage, governments will need to engage in further scrutiny. This should include increased counterintelligence measures.
Another concern is the remote disabling of vehicles. It is possible to remotely disable a car. Ford filed a patent for remote disabling of services in 2023. Some GWM models currently have built-in alarms and immobilizers to disable a vehicle if unauthorized use is detected.
Moreover, some car manufacturers offer post-theft tracking services, allowing for remote immobilization. A vehicle equipped with these features could theoretically be hacked by a malicious actor.
Recently, Chechen leader Ramzan Kadyrov accused Elon Musk of disabling his Tesla Cybertruck in Ukraine, where Kadyrov is supporting Russia’s military actions.
This unverified incident hints that a foreign entity could target vehicles over which they have control. However, the possibility of China disabling cars during a trade dispute, cyber conflict, or conventional war seems like something out of dystopian fiction.
Who has access to the data?
Ultimately, the worry that nation-states can use highly invasive bits of tech in our cars for spying is not entirely unwarranted.
When you buy a modern car with built-in computers and connected services, you agree that data and personal information can be shared with garages and manufacturers. But when we purchase an item, we expect to own it and have full control over its use.
If you’re worried about privacy, take charge. Your best recourse is to know what information your car is collecting, with whom the manufacturer is sharing that information, and where and how that information is being stored and used.
Dennis B. Desmond, Lecturer, Cyberintelligence and Cybercrime Investigations, University of the Sunshine Coast
This article is republished from The Conversation under a Creative Commons license. Read the original article.
Follow us on X, Facebook, or Pinterest
