London24NEWS

Warnings over Chinese automotive tech ‘knowledge safety threat’

  • A new report says the ‘UK public remains unaware of the data security risks’ 

The public should be aware of the data security risk of Chinese EVs, a new report has warned.

The report by the China Strategic Risk Institute also warns the Government of the need to ‘effectively mitigate’ the national security risk they pose.

This follows news that the US is planning to ban certain Chinese hardware and software from both fuel and electric cars due to security risks.

A new report by the China Strategic Risk Institute has warned that the public isn't aware of the data security risk Chinese EVs pose

A new report by the China Strategic Risk Institute has warned that the public isn’t aware of the data security risk Chinese EVs pose  

The China Strategic Risk Institute has said that the ‘UK public remains largely unaware of the ‘dependency, disruption and data security risks Chinese EVs pose’.

It says that ‘EVs are essentially computers on wheels’ and the issues lies in the fact that ‘the General Data Protection Regulation (GDPR) that governs privacy for computer services was not created with the geopolitical challenges of data extraction, exploitation and appropriation from states considered to be ‘systemic rivals’ in mind’.

According to the CSRI, CIMs ‘present key vulnerabilities that allow a car’s functionalities to be changed or disrupted by its own manufacturer or other actors’.

Because CIMs enable smart functions in modern vehicles a car can collect data and analyse it, which allows manufacturers to have control of the CIM.

The connection could also be abused by third parties, the report warns.

What are Cellular Internet of Things Modules (CIMs)? 

The Coalition on Secure Technology defines CIMs as: electronic wireless components embedded within units or systems that contain software processing units, geolocation capability, e-sims to connect to the internet, memory, and other peripheral components.

CIMs transmit, receive and process data about their environments.

With EVs in particular, the CRSI is worried that an ‘influx of made-in-China EVs, equipped heavily with made-in-China CIMs’ will allow a lot of data to be collected for surveillance purposes and that there will be exploitable ‘dependency’ on the PRC.

While EVs are singled out the CSRI does point out that it is not just EVs as CIMs enable these smart functions ‘in modern vehicles, regardless of engine type’.

At the end of September, the US proposed a ban on Chinese car tech which has now entered a comment period.

The ban would cover both hardware and software and would be the toughest protectionist measure yet to defend US automotive against cheap Chinese EVs flooding the market. 

Biden’s administration has already imposed 100 per cent tariffs on Chinese EVs and the $7,500 consumer EV subsidy won’t be available to any vehicle with made-in-China components.

While there is currently little use of Chinese or Russian-made software in American cars, the proposed ban is part of ‘targeted proactive steps’ to protect the US, Commerce Secretary Gina Raimondo said.

At the end of September, the US has proposed a ban on Chinese car tech which has now entered a comment period

At the end of September, the US has proposed a ban on Chinese car tech which has now entered a comment period

In a statement she said: ‘Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet.

‘It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of US citizens.’

Software made in 2026, for 2027 model vehicles, and hardware for the 2030 model year onwards would be banned.

Ahead of the announcement China’s Foreign Ministry spokesperson Lin Jian said: ‘China opposes the U.S. generalization of the concept of national security and discriminatory practices against Chinese companies and products’.

Examples of data security threats

In The Infrastructure Threat from Chinese Cellular (IoT) Modules (CIMs) paper by the Coalition on Secure Technology, Charles Parton OBE writes that if Chinese CIM manufacturers gain a monopoly they could ‘obtain data from phones synchronised with car infotainment centres (the British security services discovered that data from the Prime Minister’s car was being sent to China via a Chinese CIM)’ and ‘obtain speech and films from inside private cars (Tesla engineers were sacked for doing precisely this).’