Comment

China could use its electric cars to attack the West

Data espionage has become the signature weapon of the Chinese party state

BYD electric cars waiting to be loaded onto a ship are seen stacked at the international container terminal of Taicang Port in Suzhou
The West is bracing for a wave of Chinese-built electric cars Credit: STR/AFP via Getty Images

“Beijing could remotely stop electric cars manufactured in China on UK roads” sounds like the stuff of dystopian nightmares, but this is the real world in March 2024.

MPs have been warned that EVs could be jammed remotely should UK-China relations deteriorate significantly.

But this shouldn’t come as a shock. Electric cars, for all the praise they may receive from politicians eager to burnish their green credentials, have become a sinister threat to the West.

Consider how, just last year, warnings were issued that Chinese tracking devices had been found embedded in the electronics of Downing Street vehicles. At the time, Sir Richard Dearlove, the former head of MI6, warned Chinese EVs could become the “next Huawei”. 

It all felt like something you might expect to read in a le Carre thriller updated for the digital age.

If this story were a spy novel, the device would have been planted by a daring mole within the government system.

But this is the age of the Internet of Things (IoT), and yet another proof of what can be done simply by saturating your target country with products that contain a digital Trojan horse.

This is now the signature weapon of the Chinese party state – industrial-scale cyber espionage capabilities weaponised through normal export trade.

And that means that we could all soon be in the firing line, not just early adopters in the EV revolution.

‘Smart’ technology, which is spreading rapidly through the brave new  IoT, makes use of an interactive component called a ‘cellular IoT module’ or CIM.

These are currently used in all electric vehicles (EVs), but also in smart energy meters, some cameras, speaker and heating systems and even doorbells.

The essence of CIMs is that they collect various types of data, according to the  type of equipment they are installed in. They then share it with other parts of an internet-connected network, from which they in turn can receive data.

Unless this is expressly disabled , e.g. by a user password, CIMs are also continuously connected to their original manufacturers, which may use them to conduct remote repairs and updates.

The risk from CIMs thus becomes obvious. Not only cyber attackers, but also the originators of the CIM can use it to gain access to the data from the device.  A single compromised device somewhere in the wider network can also be used for cyber attacks on other parts of the network.

The only real defence against this risk, in the everyday IoT, is to buy  smart equipment from reliable sources which set out to protect security.  

In April 2023, the US House of Representatives passed a bill to protect US Embassy data from compromise by telecoms equipment sourced from Chinese companies deemed to be ‘untrusted foreign entities’.

Over the last five years, a growing number of Western governments have accepted that China seeks to drain data from targets of state interest using conventional equipment as well as incessant streams of sophisticated cyber attacks.

By degrees, some US allies and partners have begun to strip suspect equipment out of their 4G and 5G structures, in a complex and costly attempt to close the stable door.

But to date, there has been much less attention paid to the increasingly ubiquitous CIM. Many governments, save for their security services,  still  don’t know what the acronym stands for.

For all of us – given that we might be thinking of buying a cheap and trendy Chinese EV, ‘a device to control our hot water and heating at home or numerous other innocuous-sounding and useful applications – a red flag needs to be hoisted.

China, as usual ahead in this game of industrial-scale data collection by stealth, supplies more than 60pc of the world market for CIMs. There is a good chance that one of these may already be sitting in our homes or cars, potentially accessible by the Chinese state – what the UK Government euphemistically refers to as an “epoch-defining challenge to the international order”.

A moment’s reflection can be salutary in grasping what’s at stake.

In democracies where privacy, civil liberties and freedom of speech are valued, if we care about privacy at all, we tend to assume that adequate data protection legislation is in place to protect us. A Western EV manufacturer recently sacked employees who eavesdropped on voice recordings and images retrieved remotely from a customer’s EV. But other EV producers are less scrupulous.

China has many thousands of data analysts using powerful super-computer algorithms to home in on foreign intelligence and other exploitable information.

No wonder the Downing Street security team were reportedly so rattled when the car yielded up its hostile capability.

We can be very sure that no time or effort would be spared, in the highest echelons of the Chinese intelligence and security services, in poring over every iota of data harvested from a Downing Street vehicle. 

This level of security breach is a potential game-changer in times like the present when it is vital not to let the guard down for a second.

Aside from its uniquely dangerous proliferation of nuclear and other weapons of mass destruction, the greatest threat the Chinese communist party state poses is its capacity to weaponise data.

Not only does information obtained from countless technical sources cover most conventional peacetime intelligence and targeting requirements, it also enables an enemy to gather immensely sensitive military secrets.

Readers may recall that by simple tracking of US vehicles seen in military car parks over time, it was possible to identify top-secret sites where a given set of these had also been spotted. Such knowledge could enable hostile missile strikes with disastrous consequences.

Civil societies will be the first victims of cyber warfare, so potentially disruptive that it could entirely paralyse the normal workings of the state.

Since the time of Sunzi, Chinese strategists have aimed to win the war before the fighting starts.

China has managed to work its way into more elements of UK critical national infrastructure than it is comfortable to contemplate.

There are even softer and easier targets, alas.

As a motor industry expert warned last week, before an long, unless we halt the influx of Chinese electric cars, epoch-defining challengers in Shanghai could literally press a few buttons and thousands of Chinese EVs on British motorways would slam on the brakes, causing carnage and utter paralysis of the road system.

There is still time to avoid this, and the Government must do what is needful.

License this content