What is the problem with Chinese cars, and should it bother private buyers as well?
Responding to and deterring cyberattacks is a tough challenge for modern cars, especially when it comes to information security.
Cars have the potential to become highly sophisticated spy machines, with enormous information-gathering capabilities: they have cameras that look outwards, in order to alert the safety systems, or for example, to identify who has hit them while they are parked.
They also sometimes have cameras that look into the cabin to detect if the driver is tired. They have microphones for the headset and they have sensors of various types such as GPS systems and the like. This information can be used by the car on the same trip, but the road to recording and collecting this information is not long.
Car’s communication systems.
The driver is not necessarily aware of this, but a modern vehicle can transmit data out to the manufacturer’s and importer’s support systems. It is also able to receive information from the outside, sometimes even making ‘recalls’ without the driver having to get the car out of the parking lot. Some of these vehicles also have an emergency system designed to call a medical center in the event of an accident and transfer the vehicle’s location data to them, in order to get help as quickly as possible to ride on the legitimate communication systems in order to collect the information in the car, to a party that was not supposed to receive it.
Software updates may also include ‘malware’ that will do these things.
The manufacturers’ monitoring systems collect information about trips and their nature, to analyze the batteries’ real driving ranges, for example. But this could create a dangerous security breach. For example, identifying a situation in which senior officials in sensitive security systems travel for an exercise in a secret place. Even without knowing why, it is impossible to rule out the possibility of surveillance by a foreign party on the activity.
A modern car can transmit and receive information
You can ride on the legitimate communication systems to collect information from the car, to a party that is not supposed to receive it. Software updates may include ‘malware’ that will do these things
As revealed in the 7-seater Chery Tiggo 8 vehicles made in China for owners of large families who have a certain parent working in one organization or another and again, security is not important as a business. It is recommended to instruct to disconnect the communication system for accident assistance, and not to discuss classified/business issues while traveling by car.
Those who deal with classified topics are already accustomed to keeping their mobile phones away when dealing with sensitive topics. They are not used to treating the car as a sensitive place, and it seems challenging to stop two people who have come out of a discussion to talk about it in the car.
The fear of Chinese espionage – China, a power hostile to the West, such as Russia, for example, cannot rule out the possibility that it is carrying out quite a bit of espionage as part of its attempts to influence the world and collect information for political, military, and commercial purposes.
And what about the threat of taking over a car remotely, I am usually asked?
This is an existing threat, but it is less common and more challenging to carry out, so the threat of gathering information is much more tangible.
Is there a reason for a private citizen to refrain from buying Chinese cars?
I don’t see any reason why a private citizen should refrain from making such purchases. It is not a target for espionage, there are many Chinese cars on the market, and some of them are also very successful. A private citizen does not always know that he has purchased a Chinese-made car, there are also European manufacturers that manufacture and export from there, and he also does not have the tools to know that even if he purchased a non-Chinese car, it has a Chinese multimedia system that may collect information about it.
Another issue that is less addressed is electric vehicle charging stations, many of which are also made in China – a charging station installed at home can also serve as a starting point for network penetration. This area is much less addressed than cyber threats in the car.
