The United States has moved to ban Chinese connected-car technology over fears vehicles can spy on – and assassinate – their drivers.
“Cars today have cameras, microphones, GPS tracking and other technologies connected to the internet. It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of citizens,” Commerce Secretary Gina Raimondo said earlier this week.
“In an extreme situation, foreign adversaries could shut down or take control of all their vehicles operating in the United States all at the same time.”
The move came just days after the power of sabotaging key pieces of everyday technology was demonstrated when personal pagers and walkie-talkies were detonated in a widespread attack against Hezbollah jihadist fighters in Lebanon.
The attack was allegedly coordinated by Israel, although the nation is yet to accept responsibility.
“We’ve already seen ample evidence that [China] pre-positioned malware in our critical infrastructure for disruption and sabotage,” US National Security Adviser Jake Sullivan added.
“And with potentially millions of vehicles on the road, each with 10- to 15-year life spans, the risks of disruption and sabotage increase dramatically.”
Digital duel
The proposal to ban “connected” Chinese cars comes after the US and its Five Eyes intelligence partners (including Australia) disrupted two large Beijing-sponsored hacking operations targeting more than 200,000 consumer devices worldwide.
Earlier this month, the Chinese hacking campaign dubbed Flax Typhoon was revealed to be targeting university, government and telecommunications company employees.
Home computers, internet routers and web cameras were among the infiltration targets in a campaign designed to steal sensitive data and track user activities.
Earlier this year, another Chinese hacking group – dubbed Volt Typhoon – was discovered infiltrating critical infrastructure such as electrical grids and sewage treatment plants.
“Make no mistake – it’s just one round in a much longer fight,” FBI Director Chris Wray warned at the time.
“The Chinese government is going to continue to target your organizations and our critical infrastructure, either by their own hand or concealed through their proxies.”
Chinese carmaker BYD (marketed in Australia as Build Your Dreams) has recently overtaken billionaire Elon Musk’s Tesla as the world’s leading maker of semi-autonomous and electric vehicles (EVs).
While making significant inroads with the European and Australian markets, Chinese car brands have yet to gain a foothold in the United States.
Cyber apocalypse
“You can imagine the most catastrophic outcome theoretically if you had a couple million cars on the road and the software were disabled,” Commerce Secretary Raimondo told media.
Her department proposes the ban takes effect on Chinese-supplied vehicle software from 2027 and hardware from 2029.
This will apply to all vehicles supplied with Bluetooth, satellite and wireless internet access features – as well as autonomous driving AI.
China has attacked the move as a covert trade ban, pointing to another move by the White House last week to increase tariffs on Chinese EVs by 100 percent, as well as new tariffs on EV batteries and critical minerals.
But Australian Strategic Policy Institute (ASPI) intelligence analyst Chris Taylor says high technology espionage is a genuine and growing concern.
“Sabotage – destroying, damaging or obstructing for military and/or political advantage – is back,” he writes.
The attack via Hezbollah’s pagers and radios exposed the vulnerability of international supply networks.
But suspicious fires in European and American munitions factories supporting Ukraine have also been linked to Russian infiltration efforts, he adds.
“When your manufacturing base exists almost wholly outside of your borders and includes potential adversaries, you’re unavoidably vulnerable,” Taylor argues.
“While state actors may not have the intent now, they certainly could in a conflict scenario, hence why ‘suppliers of concern’ were excluded from our 5G communications systems.”
Home front
“For Australia, the stakes are too high to ignore,” says technologist Jason Van der Schyff.
“By taking proactive steps now to secure our supply chains from potential threats the country can protect our critical infrastructure, safeguard our national security, and ensure our future remains in our own hands, not China’s.”
At one level, devices can be turned into remote-controlled bombs.
The Hezbollah attacks were not the first time this has happened. An exploding mobile phone was used to assassinate Hamas bombmaker Yahya Ayyash in 1996.
At another level, devices can be turned into trojan horses for sabotage viruses.
This was used against Iranian centrifuges processing uranium for use in nuclear weapons. The Stuxnet cyberweapon spun them out of control and into destruction in 2010.
“In Australia, the challenge is … pressing,” argues Van der Schyff.
“As a nation that relies heavily on imports for essential goods, from consumer electronics to military hardware, the potential for supply chain interdiction looms large – especially given that much of this equipment is manufactured in China.”
He adds that any connected electronic device – routers, USB sticks, phones or cars – “could be compromised at any stage in their journey from the manufacturer to the end user. Interdiction attacks, where hardware is tampered with during transport, are not difficult to execute, especially along complex shipping routes.”
Only by diversifying supply chains – and reviving Australia’s decimated manufacturing industry – can mitigate the risk. Along with extensive blockchain security tracking technology and integrity testing.
That, says Taylor, comes at a price.
“There are economic costs that must be balanced against considered risks and the opportunity costs of using security resources in this way,” he argues.
“Those costs reveal an additional objective to sabotage: diverting resources away from defence capability to securing supply chains and inventories.”
