‘Dark security hole’: Foreign smart cars more likely to listen in than be controlled remotely, experts say
The threat of foreign EVs being remotely controlled on Australian roads is unlikely, but the computers on wheels are still listening and watching everything we do.
While Barnaby Joyce is worried about China remotely controlling electric vehicles on Australian roads, cyber security experts are far more concerned about modern cars hoovering up our data.
Cyber security experts told NewsWire that modern vehicles presented the same privacy issues as the rest of our devices.
A recent global investigation found 25 car manufacturers collect data on facial expressions, sexual activity, weight, genetics, what you listen to in the car, destinations and routes, voice data, phone contacts, speed, location and footage of car users outside their vehicles.
Many manufacturers sell this data to third parties. A Reset.Tech report this week found Australians’ live location data is shared 449 times a day and sold to sometimes shady buyers.
The conjecture about Chinese EVs was sparked this week by Mr Joyce drawing a parallel between Israel detonating pager devices in Lebanon and China controlling its EVs on Australian roads.
“Australians can feel somewhat safe knowing that the government has a system in place to identify and fix any security risks with foreign-made EVs,” RMIT associate professor in cyber security Nalin Arachchilage said.
“The concern about foreign-made EVs is real, but it’s a bit like worrying about someone hacking your computer or smartphone.”
Much more pressing than a foreign power remote-steering your car is the ubiquitous overreach of devices and data brokers in our modern lives.
“This data can be valuable, and if it ends up in the wrong hands, it could be misused,” Dr Arachchilage said.
“So, it’s not just about whether someone can control your car but also about who has access to your personal information. Australians should be aware of both risks – cyber threats and privacy issues – when using foreign-made EVs.”
UNSW professor Salil Kanhere says almost all of the data cars gather from sensors, GPS and internal vehicle data, cameras and connected phone apps is sent back to the manufacturers.
Many of them sell this data to brokers, market research companies and advertisers and even turn it over to governments and police without a court order.
“In most instances, users have little control over their data and are even unable to delete personal data,” Professor Kanhere said.
“Transparent privacy policies, secure data storage practices and stringent encryption protocols are essential components of a comprehensive approach to data protection.”
The federal government has brought forward measures to address vendor-based security risks.
This work includes developing a system to assess a vendor’s exposure to foreign ownership, control or influence.
The system will review the data brokerage ecosystem and figure out ways to restrict the unwanted transfer of data to malicious actors, identify Australia’s most sensitive and critical datasets and develop legislative options to mandate cyber security standards for smart devices.
Australia’s cyber intelligence agency, the Australian Signals Directorate, directed questions to Home Affairs.
“The Australian government continues to assess Australia’s technology security policy settings to ensure they remain fit for purpose,” a Department of Home Affairs spokesperson said.
The government recently released a policy direction that requires government entities to identify and report indicators of foreign ownership, control or influence risk.
Edith Cowan University professor of cybersecurity Andrew Woodward says Australian authorities cannot check every model of every highly computerised vehicle coming into the country.
“There is absolutely the potential for a nation-state actor to exploit the systems, not just in EVs but also conventionally powered vehicles, and this has been possible for quite some time,” he said.
“While the threat is, and should be, concerning for Australia’s national security, there is little to no evidence that such activities are or have taken place in the real world.”
Professor Woodward is not aware of any country, including Australia, rejecting EVs on security grounds.
A parallel can be drawn with crash safety ratings: cars with a poor safety rating are still allowed to be sold and driven on Australian roads, but consumers see the rating and make an informed choice.
“I think this provides a blueprint for how a cyber security rating could assist buyers,” Professor Woodward said.
“As a country, we should certainly be concerned and be looking to manage the cyber security risk associated with modern vehicles, but for the average Australian, the risk is very low.”
Last week, the US Commerce Department proposed a ban on the sale or import of smart vehicles that use Chinese or Russian technology.
Secretary of Commerce Gina Raimondo said: “In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads.”
While there is some blurry cyber threat, Australia has no economic alternative. The US has domestic car manufacturers to sustain and protect. The last new car rolled off an Australian assembly line seven years ago.
With Australia having just spent years chipping away at tariffs on our major exports to China, international trade and Australia-Chinese relations experts say there is no economic leeway for Australia to shun the cheap EVs coming out of China.
But factoring in geopolitics and the globalisation of tech giants, “This EVs debate is a small aperture into a potentially very dark security hole from which there may be no escape”, one expert says.
ANU research fellow and Australian-Chinese relations expert Benjamin Herscovitch said there was no “strong distinct rationale” for bans or tariffs on Chinese vehicles because Australia had no manufacturers of its own.
Tariffs would be inflationary and the economic argument “goes the other way”, in that adding tariffs would drive up prices for Australians.
On Friday, Germany was expected to vote against the introduction of European Union tariffs on Chinese electric vehicles, Reuters reports, though it is forecast enough countries will approve and tariffs will be imposed.
German unions have been fighting the tariffs to protect jobs.
“The economic case is strongly in favour of Australia importing from the most competitive/best (value for money) suppliers, which are overwhelmingly Chinese,” University of Adelaide professor Peter Draper said.
“Tesla invested in China for a reason and is being overtaken by Chinese EV producers. The Chinese EV production ecosystem is so powerful that it will likely crowd out other EV producers.”
Because Australia is a major supplier to China for the critical minerals needed in batteries, “the economic benefits multiply several times over” in trading with Beijing.
There is a geopolitical argument to be made for following the US ban on Chinese EVs though, the professor said.
“Most of our (foreign direct investment) is still sourced from the US, and we would not want to jeopardise security relations with the US that could compromise our access to their market,” he said.
“However, this is a negative case and anchored on politics trumping economics.”
When then prime minister Scott Morrison called for an inquiry into the origins of Covid-19 in 2020, China imposed bans on a suite of Australian products.
Trade-crippling tariffs were placed on wine and barley, biosecurity measures reduced trade in beef and timber to a trickle and unannounced bans came into effect on coal, cotton and lobster.
The final ban to be lifted – lobster – is expected to be repealed in the coming months.
Both major Australian parties have declared they would not ban Chinese EVs.
“The ALP government is clearly, and for good reason, very averse to doing this,” Professor Draper said.
“If an LNP coalition minority government emerges after the next elections, I think the risk appetite would be higher.”
China banning Google was a good comparison, Professor Draper said, adding Eastern EVs in Western nations present “legitimate security concerns”.
“We really should ask ourselves why China has long banned US IT giants – Google for example – from accessing the Chinese market. Viewed through this prism, the West is playing catch-up to China by recognising the security dilemmas that digitalisation brings.”