Yes, Chinese EVs could turn into ‘spy cars.’ So could Teslas and any modern vehicles
Any modern car with an Internet connection poses privacy and potential physical safety risks.
Canadians tempted by low-priced Chinese EVs should know those vehicles could, potentially, be used to spy on them – and worse.
They should also know the same holds for any modern car.
Ontario Premier Doug Ford has dubbed Chinese-made electric vehicles “spy cars” and urged Canadians to boycott them after Ottawa agreed to import small quantities of them in a recent deal with Beijing. Federal Conservative Leader Pierre Poilievre has similarly dubbed the cars “roving surveillance operations.” And policy analysts have long warned that even private Chinese companies can legally be forced to spy for Beijing.
In fact, eavesdropping isn’t even the worst of it. Talk to a cybersecurity expert if you want to hear hypotheticals that sound like sci-fi horror. The nightmare scenario is one in which, say, all cars of a certain type suddenly freeze in the middle of the road or accelerate erratically. It wouldn’t take many of them to clog a country’s streets with accidents.
In 2023, Reuters reported that some Tesla employees had privately shared highly sensitive videos captured by customers’ car cameras, including one of a man walking toward a vehicle completely naked and one showing a Tesla hitting a child on a bike.
Things aren’t much better today, according to David Shipley, chief executive officer at Beauceron Security, a cybersecurity firm. If anything, risks have increased. Nearly half of the cars on the roads in Canada today are always connected to the internet. Software controls almost every function of the vehicle, and automakers collect data on anything from geolocation to drivers’ behaviour and, in some cases, biometric information.
Security researchers have skewered automakers for lax standards. But even if the industry excelled at detecting and addressing vulnerabilities, patching software bugs is a game of whack-a-mole.
That’s why Mr. Shipley would like to see Canada adopt some guardrails. Among them is a switch-off feature that would allow consumers to manually disconnect a car from the internet. Another is mandatory, independent testing of both smart cars and the infrastructure that supports them.
Also, Mr. Shipley argues, automakers, along with tech companies, should have to comply with comprehensive data-privacy standards backed by regulators willing to impose big fines, as is the case in the European Union under the block’s General Data Protection Regulation
Read the Full Story at The Globe and Mail