Latest news with #JosephJarnecki
Business Mayor
15-05-2025
- Automotive
- Business Mayor
‘Source of data': are electric cars vulnerable to cyber spies and hackers?
Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars? On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices. Here we look at whether there are problems with electric cars and security. Security experts spoken to by the Guardian say electric cars – the most advanced road vehicles on the market – could be exploited by hackers. Rafe Pilling, the director of threat intelligence at the cybersecurity firm Secureworks, says electric cars have myriad ways of generating data that is of interest to hostile states, given the microphones, cameras and wifi connectivity they contain. 'There are lots of opportunities to collect data and therefore lots of opportunities to compromise a vehicle like that,' he says. He adds that wifi or cellular connectivity, which allows a manufacturer to update a car's operating software – known as an 'over the air' capability – could allow data to be exfiltrated. 'A modern vehicle that has over the air update capabilities – which is crawling with computers, various radios, Lidar sensors and external cameras – could well be repurposed as a surveillance platform,' he says. A mobile phone connected to the car, whether via a charging cable or Bluetooth, is another source of data, he says. Experts say car owners in sensitive industries or in political and government positions should exercise discretion. 'If you are an engineer who is working on a sixth-generation fighter jet and you have a work phone that you are connecting to your personal vehicle, you need to be aware that by connecting these devices you could be allowing access to data on your mobile,' says Joseph Jarnecki, a research fellow at the Royal United Services Institute thinktank. Nate Drier, a tech lead at the cybersecurity firm Sophos, says concerned drivers or passengers can click the 'don't trust' option when they connect their phone charger with the car – but they then lose out on all the benefits that ensue, from using music streaming apps to messaging. 'I would assume most people are allowing that connection to happen so they can have all the benefits of the features on that phone,' he says. Pilling adds that hire car users should take note as well. 'In general, it's a bad idea to sync your phone or device with a vehicle that isn't yours, as you can leave copies of contacts and other sensitive data in the car entertainment and navigation system and most people forget to wipe this after they leave a hire car,' he says. China is a major manufacturer of electric vehicles (EVs) through brands including BYD and XPeng. This, allied with the Chinese state's use of cyber-espionage, makes those cars a source of potential concern. China's National Intelligence Law of 2017, for instance, states that all organisations and citizens shall 'support, assist and cooperate' with national intelligence efforts. 'Chinese law obliges Chinese companies to cooperate with state security, so one has to assume that if a car is capable of spying on you it may be misused to do so,' says Prof Alan Woodward, a computer security expert at the University of Surrey. There is 'no evidence' in the public domain to point to use of Chinese vehicles in such a way, he adds. However, experts also wonder if China would risk causing serious damage to a key export sector such as EVs by making it a vector for intelligence gathering. Mobile phones, smart watches and other wearable devices are more likely targets for espionage. A government spokesperson would not comment on specific security measures, but said: 'Protecting national security is our top priority and we have strict procedures in place to ensure that government sites and information are appropriately protected.' A more detailed statement was made last month by the defence minister Lord Coaker, who said the Ministry of Defence (MoD) was 'working with other government departments to understand and mitigate any potential threats to national security from vehicles'. He said the work related to all types of vehicle and 'not just those manufactured in China'. Referring to an i report that the MoD had banned EVs with Chinese components from sensitive sites and military training bases, he said there were 'no centrally mandated policy restrictions on the movement of Chinese manufactured vehicles'. However, he said individual defence organisations – a reference to public and private entities – may have stricter EV requirements on certain sites. BYD has been contacted for comment. XPeng said it was 'committed to continuously adhering to and complying with the applicable UK and EU privacy laws and regulations'. The SMMT, the trade body for UK carmakers and traders, told the i: 'All manufacturers with cars on sale in the UK must adhere to relevant regulations on data privacy, and EVs are no different. 'The industry is committed to upholding a high level of customer data protection, including proportionate use of data, including apps and paired mobile phones, which can be removed from cars according to individual manufacturer instructions, giving peace of mind to motorists.' READ SOURCE
The Guardian
29-04-2025
- Automotive
- The Guardian
‘Source of data': are electric cars vulnerable to cyber spies and hackers?
Mobile phones and desktop computers are longstanding targets for cyber spies – but how vulnerable are electric cars? On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with Chinese-made electric cars, due to fears that Beijing could extract sensitive data from the devices. Here we look at whether there are problems with electric cars and security. Security experts spoken to by the Guardian say electric cars – the most advanced road vehicles on the market – could be exploited by hackers. Rafe Pilling, the director of threat intelligence at the cybersecurity firm Secureworks, says electric cars have myriad ways of generating data that is of interest to hostile states, given the microphones, cameras and wifi connectivity they contain. 'There are lots of opportunities to collect data and therefore lots of opportunities to compromise a vehicle like that,' he says. He adds that wifi or cellular connectivity, which allows a manufacturer to update a car's operating software – known as an 'over the air' capability – could allow data to be exfiltrated. 'A modern vehicle that has over the air update capabilities – which is crawling with computers, various radios, Lidar sensors and external cameras – could well be repurposed as a surveillance platform,' he says. A mobile phone connected to the car, whether via a charging cable or Bluetooth, is another source of data, he says. Experts say car owners in sensitive industries or in political and government positions should exercise discretion. 'If you are an engineer who is working on a sixth-generation fighter jet and you have a work phone that you are connecting to your personal vehicle, you need to be aware that by connecting these devices you could be allowing access to data on your mobile,' says Joseph Jarnecki, a research fellow at the Royal United Services Institute thinktank. Nate Drier, a tech lead at the cybersecurity firm Sophos, says concerned drivers or passengers can click the 'don't trust' option when they connect their phone charger with the car – but they then lose out on all the benefits that ensue, from using music streaming apps to messaging. 'I would assume most people are allowing that connection to happen so they can have all the benefits of the features on that phone,' he says. Pilling adds that hire car users should take note as well. 'In general, it's a bad idea to sync your phone or device with a vehicle that isn't yours, as you can leave copies of contacts and other sensitive data in the car entertainment and navigation system and most people forget to wipe this after they leave a hire car,' he says. China is a major manufacturer of electric vehicles (EVs) through brands including BYD and XPeng. This, allied with the Chinese state's use of cyber-espionage, makes those cars a source of potential concern. China's National Intelligence Law of 2017, for instance, states that all organisations and citizens shall 'support, assist and cooperate' with national intelligence efforts. 'Chinese law obliges Chinese companies to cooperate with state security, so one has to assume that if a car is capable of spying on you it may be misused to do so,' says Prof Alan Woodward, a computer security expert at the University of Surrey. There is 'no evidence' in the public domain to point to use of Chinese vehicles in such a way, he adds. However, experts also wonder if China would risk causing serious damage to a key export sector such as EVs by making it a vector for intelligence gathering. Mobile phones, smart watches and other wearable devices are more likely targets for espionage. A government spokesperson would not comment on specific security measures, but said: 'Protecting national security is our top priority and we have strict procedures in place to ensure that government sites and information are appropriately protected.' A more detailed statement was made last month by the defence minister Lord Coaker, who said the Ministry of Defence (MoD) was 'working with other government departments to understand and mitigate any potential threats to national security from vehicles'. He said the work related to all types of vehicle and 'not just those manufactured in China'. Referring to an i report that the MoD had banned EVs with Chinese components from sensitive sites and military training bases, he said there were 'no centrally mandated policy restrictions on the movement of Chinese manufactured vehicles'. However, he said individual defence organisations – a reference to public and private entities – may have stricter EV requirements on certain sites. BYD has been contacted for comment. XPeng said it was 'committed to continuously adhering to and complying with the applicable UK and EU privacy laws and regulations'. The SMMT, the trade body for UK carmakers and traders, told the i: 'All manufacturers with cars on sale in the UK must adhere to relevant regulations on data privacy, and EVs are no different. 'The industry is committed to upholding a high level of customer data protection, including proportionate use of data, including apps and paired mobile phones, which can be removed from cars according to individual manufacturer instructions, giving peace of mind to motorists.'
Daily Mail
28-04-2025
- Automotive
- Daily Mail
Don't charge your phone in a Chinese electric car, UK defence firms warn amid 'security data fears'
Defence firms have told staff to stop charging their phones in Chinese-made electric cars over security concerns, it was reported last night. Bosses at two of Britain's top defence companies have said the sector is taking a 'cautious' and 'belt and braces' approach to the possibility that the Chinese state could be spying on cars using electric vehicles. Measures taken to reduce the likelihood of sensitive national security data being stolen include avoiding parking in production plant car parks, as well as a ban on connecting mobile phones via Bluetooth or a charging cable. Firms thought to have taken such precautions include BAE Systems and Rolls-Royce, according to the i newspaper. One defence firm said: 'The sale of Chinese cars is growing in the UK, and we are, rightly, cautious about that. We are making our staff aware of the sensible precautions to take.' After Donald Trump imposed international tariffs on China, the prices for electric cars from the country into the US have doubled, which experts believe could open the doors for more of these cheap EVs to flood the UK. Joseph Jarnecki, a research fellow in cyber and technology at the Royal United Service Institute, explained that considering defence firms are targets for espionage, they are taking measures given historical evidence of Chinese espionage efforts. Although the UK has seen a number of Chinese brands sell their cars, which include BYD, Ora, Geely and XPENG, but Chinese manufacturers also own brands such as MG, Volvo and Polestar. A spokesman for XPENG, which recently launched its all-electric G6 SUV in the UK, denied its cars spy on drivers. Under the country's National Intelligence Law, Chinese firms are required to work with state intelligence work should they be requested. But others have said it is unlikely the Chinese state will risk the impact to reputation should brands be associated with international spying. James Bore, managing director of cyber technology firm Bores Group, said: 'There are theoretical attacks which allow your phone or your devices to be compromised through plugging them into a charger, but these have been shown under lab conditions, and I have seen no evidence that it has ever actually happened in the wild. 'The moment it does, the Chinese car company market collapses, and that's not the sort of economic upheaval that China really wants.'
