Mobile phones and desktop computers have long been targets of cyber espionage, but how vulnerable are electric vehicles?
On Monday, a newspaper reported that a British defense company, engaged with the UK government, advised its staff against connecting mobile devices with Chinese-made electric vehicles due to concerns over potential data extraction by Beijing.
This article examines the security issues related to electric vehicles.
Can an electric car snoop on you?
Security experts quoted by the Guardian suggest that electric vehicles, being the most advanced vehicles on the market, could be vulnerable to hacking.
Rafe Pilling, director of threat intelligence at cybersecurity firm SecureWorks, notes that electric vehicles can produce a wealth of data that could interest a hostile state.
“There are numerous opportunities to compromise these vehicles as they collect data,” he states.
He further explains that WiFi or mobile connectivity can enhance data access for manufacturers through the “over-the-air” software update feature.
“Modern vehicles equipped with over-the-air updates, various sensors, and external cameras could potentially be repurposed as surveillance tools,” he adds.
A mobile phone connected to a car via a charging cable or Bluetooth is another significant data source, he mentions.
Should all car drivers be worried?
Experts indicate that individuals in sensitive sectors, such as government or defense, should exercise caution.
“If you’re working on a sixth-generation fighter jet and connect your work phone to your personal vehicle, be mindful that this connection could compromise your mobile data,” states a researcher at the Royal United Services Institute Think Tank.
Nate Drier, tech lead at cybersecurity firm Sophos, highlights the option to select “don’t trust” when connecting a phone charger to a car; however, this would forfeit many functionalities, such as music streaming or messaging.
“Most people tend to maintain that connection for the convenience it brings,” he acknowledges.
Pilling adds that even rental car users should remain vigilant.
“Generally, individuals may leave copies of their contacts and sensitive information in their car’s entertainment and navigation system, often forgetting to remove them before relinquishing the vehicle, making phone synchronization a risky move,” he advises.
Why are Chinese vehicles the focus of concern?
China is a significant producer of electric vehicles (EVs) through brands like BYD and XPENG. Coupled with the Chinese state’s practices in cyber espionage, this raises concerns. For instance, China’s National Intelligence Act of 2017 mandates all organizations and citizens to “support, assist, and cooperate” with national intelligence efforts.
“Chinese law compels companies to align with national security, so one must consider the possibility of surveillance capabilities in their vehicles,” he notes, albeit admitting that there is “no evidence” currently linking Chinese vehicles to espionage.
Experts believe that while electric vehicles are a concern, devices like mobile phones, smartwatches, and other wearables are more likely targets for spying.
What does the UK government say?
A government representative refrained from commenting on specific security protocols but affirmed that “protecting national security is our utmost priority, and strict procedures are in place to ensure government sites and information are adequately safeguarded.”
A more detailed statement released last month by Defence Minister Koker, indicated that the Ministry of Defence (MOD) is collaborating with other government bodies to understand and mitigate potential security threats from all types of vehicles, not just those manufactured in China.
Further reports state that while there are no overarching policy prohibitions on the movement of Chinese-made vehicles, EVs incorporating Chinese components have been banned from sensitive military locations.
Nevertheless, individual defense entities may impose stricter requirements for vehicles in particular settings.
BYD was reached for commentary, while Xpeng stated it is “committed to upholding and complying with applicable UK and EU privacy laws and regulations.”
SMMT, a trade association representing British automakers, responded:
“Our industry is dedicated to maintaining a high standard of customer data protection, which includes the responsible use of data. Features such as apps and paired phones can be removed from vehicles based on individual manufacturers’ guidelines, ensuring drivers feel secure.”
Source: www.theguardian.com