James Titcomb Technology Editor

The car was 12 miles away – but the hackers may as well have been inside it. Over a wireless connection, the small group was able to unlock the Tesla Model S’s doors, open its boot while in motion and – most concerningly – activate the brakes.

The demonstration, from security researchers at the Chinese technology company Tencent, was no more than that. The Tesla vulnerability was not used on the road, and the company fixed the problem. 

But when disclosed eight years ago, it was seen as a worrying sign: that as cars became increasingly technologically sophisticated, with critical functions controlled by centralised computer systems, they also became more vulnerable.

Since then, hacking cars has become a regular stunt at cybersecurity conferences. But there is a growing fear that they will not even have to be hacked. What if vehicles could be controlled not by cyber criminals, but by hostile states?

Last week the Biden administration raised the alarm about the growing prevalence of Chinese components in electric and future self-driving vehicles, as it outlined plans to ban components “with a sufficient nexus” to China.

The US Department of Commerce said it planned to prohibit Chinese parts related to vehicle connectivity and automated driving, saying that “malicious access” could allow enemies to “remotely manipulate cars on American roads”.

“Cars today have cameras, microphones, GPS tracking and other technologies connected to the internet. It doesn’t take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of US citizens,” Gina Raimondo, Biden’s commerce secretary, said.

To cynics, the move could be seen as just another step in an escalating trade war with China, which is preparing to flood the world’s markets with cheap electric vehicles. China’s foreign ministry called the move “discriminatory”.

But security experts say there is a genuine growing fear that the West is becoming exposed to Chinese components under the hood as vehicles become smarter and more connected.

James Lewis, a former US official at the Centre for Strategic and International Studies, said officials involved in drafting the proposed ban became increasingly concerned about Chinese interference after revelations this year that a state-backed hacking network called Volt Typhoon had been lying dormant inside US critical infrastructure for years, after compromising internet-connected devices in ports and utilities.

“It was the finding that the Chinese attacked American critical infrastructure and put malicious software on critical infrastructure, that was a lot of what drove this,” said Lewis. “If they’re willing to do that, what else are they willing to do? Suppose the day that something bad happens in Taiwan, they turn off all the cars in San Diego.”

Chinese electric vehicle makers are becoming increasingly ambitious about Western markets. More than one in five electric vehicles sold in the UK are now made in China, according to Jato Dynamics. 

But that underestimates China’s influence, since Chinese companies dominate production of certain components. Companies such as Quectel, Fibocom and Sunsea are not household names, but are the biggest sellers of cellular internet of things modules (CIMs), which are now widely used in cars to connect to the internet and collect GPS location data – as well as transmit it back to source.

Biden administration officials said it was not enough merely to dis-incentivise the sale of Chinese vehicles, since modules such as this could be sold inside Western cars. Lewis said one likely reason for the ban’s lengthy timeline – some of the planned restrictions will not be in place until 2029 – was to give time for German manufacturers to find alternative suppliers.

Chinese companies are the biggest sellers of CIMs, which are used to connect to the internet and collect GPS location data Mark Andrews/Alamy Stock Photo

Beijing has never been proven to be using vehicle supply chains to spy on the West (although a Chinese tracking device was reportedly found inside a UK government vehicle last year). But rising tensions between the West and China mean the possibility is enough.

Companies including Huawei, TikTok and Hikvision have all been banned or restricted in some way, in part because companies headquartered in China must follow the country’s national security laws requiring them to hand over data when requested.

“You have to cooperate with the intelligence and security apparatus when you’re required to,” said Charles Parton, a former UK diplomat who was based in China. “When you don’t obey the party in all respects, the leaders of these companies will find themselves under charges of corruption, and companies won’t get the sorts of subsidies that helped make them so successful.”

Parton recently contributed to a report calling for a ban on Chinese CIMs in official vehicles, warning that they could be “weaponised”. 

The report pointed out that the Ministry of Defence (MoD) is among the government bodies that have bought Chinese electric cars, procuring them from MG, which is owned by the Chinese state-controlled SAIC. A spokesman for the MoD said: “We procure vehicles in line with all government procurement regulations.”

Ciaran Martin, the former head of the National Cyber Security Centre (NCSC), GCHQ’s defence arm, dismissed concerns that someone in China could take control of thousands of cars. “They’re not capable of magic. I don’t think it will be helpful for this to be seen as, ‘If we don’t do this, then Beijing will be able to press a button and take any car at once off the road.’ It’s way more complicated than that.

“[But] there is an espionage risk, and you don’t want to make that any easier.” 

Martin warned that simply banning Chinese parts risks ignoring wider security vulnerabilities as vehicles become more connected. 

“If you take this as an isolated policy, it’s not enough.”

Britain has taken a more relaxed approach to Chinese vehicles. It has so far declined to introduce the heavy tariffs that the EU and US have introduced. A government spokesman said the Department for Transport and NCSC “continue to work to understand and respond to potential threats in the automotive sector” and pointed to international security standards for connected vehicles championed by the UK.

Martin said he expected that Britain would ultimately follow the US with a wider crackdown on Chinese parts. “If the past is any guide, the UK will probably end up doing something similar,” he said. “Decoupling is happening.”

Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.