Have you ever thought about how your car could be listening to you? Recording audio and video of you? Collecting information from your mobile phone? Tracking your trips; then, sending all this information to organizations that could use it against you? Unfortunately, this is no longer tin-foil hat conspiracy territory. Mozilla, makers of the Firefox web browser recently did an expose’ on modern cars and concluded “All 25 car brands we researched earned our *Privacy Not Included warning label — making cars the official worst category of products for privacy that we have ever reviewed.”
It’s bad enough when Ford patents a system to eavesdrop on you in your car to sell you ads, or GM sells your data to insurance companies that increase your rate or drop your coverage based on your driving habits, but it’s even worse when the it’s the People’s Republic of China (PRC) who can access and exploit all this data.
Chinese vehicles, especially new EVs, are a serious threat to privacy, cybersecurity and the American people. It may sound far-fetched, but it’s not hyperbole to say that these vehicles are at risk for foreign interference by the PRC.
To be clear, I’m not saying that we should disavow technology and get off the grid. But I am urging all Americans to be much more careful about the technology driven products we use, and more thoughtful about the potential consequences of these technologies, especially when it comes to vehicles that can be monitored and possibly controlled by the PRC. It’s critical to understand that Chinese companies are bound by Chinese law to provide the PRC with access any data they request. This article from The Hill sums it up: For Chinese firms, theft of your data is now a legal requirement. This is especially concerning for Chinese EVs, but it also impacts any so called “smart” device, app or platform from any Chinese owned company. Think TikTok or Temu for example.
The Biden Administration has finally gotten around to recognizing the serious privacy and security threats presented by CEVs. In February of this year, President Biden took steps toward blocking internet-connected Chinese cars and trucks from entry to the American market. Better late than never.
CEVs pose serious risks to our national security and your individual privacy and security. They’re rolling surveillance devices that can be weaponized. Imagine if the PRC decided to cause chaos in the US and made all CEVs suddenly accelerate uncontrollably during rush hour traffic on a Monday afternoon. Or they chose critical infrastructure targets such as chemical plants, water plants and electric grid distribution points and then turned CEVs into road-based missiles that drive into these targets at high speed while you and your family are trapped inside.
With these risks in mind, the Department of Commerce recently issued a notice of proposed rulemaking (NPRM) that would, if finalized as proposed, prohibit the sale or import of connected vehicles that incorporate certain technology from countries of concern. For my money, this commonsense measure can’t happen too soon.
It’s no secret that China is America’s greatest geopolitical adversary. The FBI has warned that they are actively weaponizing technology and increasing cyber aggression against America while working to undermine U.S. global leadership, national security and our economy.
Beijing recently launched a “hacking typhoon” targeting U.S. critical infrastructure, such as power grids, financial transactions, military controls, and utility systems, to infiltrate and cripple America’s way of life and our standing as a global leader. FBI Director Christopher Way has said that Chinese hackers seek to “wreak havoc” on our critical infrastructure.
This should really come as no surprise, though.
As we become increasingly dependent on digital technology in all facets of our society which is also increasingly interconnected, it makes our society more fragile in many ways. Cybersecurity is no longer about defending computers or even individual organizations; it’s about protecting society. It’s never been more important for each of us to play our role, to learn more about what we can do to protect ourselves, our families and our organization and take action to protect against attacks which includes learning about the risks of “smart” Internet of Things (IoT) devices we increasingly use each day including our vehicles.
While inflation is through the roof and the cost of living has skyrocketed, the allure of cheap CEVs does not offset the myriad risks they bring. Before you buy a new vehicle, do your homework. Be sure to understand what country produces the vehicle or any IoT device. If it comes from China, you should seriously question the purchase, especially vehicles which could be turned into weapons.
During Cybersecurity Month 2024, learn more about CEVs and educate your family, friends, and colleagues about the risks and best practices to stay safe online and with your devices.
Dave Hatter is an award-winning technology leader with over 30 years of software engineering and cybersecurity experience and works as a Cybersecurity Consultant at Intrust IT. He has also served as the Mayor of Fort Wright, Kentucky since 2015.