
Intel Report on espionage capability of Chinese cars


 


 

Trojan horses en masse

The western market has experienced a sharp increase in sales of Chinese-produced cars in recent years. Chinese cars used to be almost unavailable on the western market because they failed safety standards horribly, but the newest products are no longer held back by this. Brands such as Build Your Dreams (BYD), Xpeng, Nio and Great Wall have all seen a surge in sales in, for example, Europe, ranging from +100% to over +400%. The Polestar brand has been popular in Europe for the past years, but these days both it and its parent company Volvo are Chinese owned. Another example is MG: a brand with a heritage of British sports cars that is now in Chinese ownership. While the safety of the vehicles is no longer in question, the data security they (don’t) provide very much should be.


You can only fear what you can imagine

What suggests that Chinese cars would be used for spying? Last year, China banned Teslas from driving in and around certain locations or events. Additionally, government officials and employees were prohibited from owning and driving Teslas. The reason? China accused the cars of potentially being used as espionage equipment. The accusation itself is enough to raise suspicion about any new car China produces and exports to Europe, the US or anywhere else in the world: if China can imagine that Teslas could be used for such a purpose, China can certainly imagine using its own cars for the same purpose abroad.

Precedent (discussed extensively on pg. 4; two examples are given here)

Huawei:

Chinese phone company Huawei has already been banned or restricted across the EU and the US because of security concerns about users' personal data being passed to Chinese intelligence. In multiple nations this was preceded by a ban on Huawei use by government officials.

Tesla:

Ironically, Tesla has actually been caught spying on its customers. However, the data was not being used for government purposes (as far as is publicly known). Tesla employees were caught sharing among themselves recordings of private moments and conversations from people’s lives that they deemed entertaining to watch, captured by the exterior and interior cameras of the vehicles. Additionally, it was discovered that the videos were geolocated and linked to customers.

European brands:

Although there is no publicly known precedent for this, it is more likely than not that these brands are used for spying by European actors. What is very important here is awareness of which brands were previously European but are now Chinese owned (as discussed on pg. 1).


Thank you for all your data

Modern luxury cars come with an array of gadgets and instruments on board. The most interesting for the subject at hand are outward- and inward-facing cameras, microphones, GPS systems, an internet connection and phone connectivity.

Cameras and microphones

Modern cars come equipped with outboard (and some even inboard) cameras. These are used not only for the safety systems on board, but also as recording devices. The recording function is marketed as a replacement for traditional dashcams, able to deliver both video and audio in case of, for example, a crash. This function can easily be used to record people, events and locations outside and inside the car, and the recordings can then be shared elsewhere for further analysis. Classified government conversations, classified locations or even corporate secrets can be revealed, located and analyzed as a consequence.

GPS systems

GPS systems are a standard built-in feature in modern luxury cars. These systems are always on, even when not used for navigation. Just like phones, these systems will be able to establish behavioral patterns and important locations visited by persons of interest, even if these are not entered into the GPS system manually.

Internet connection

Most modern EVs come with an internet connection, not only for the operator of the vehicle, but also for ‘over the air’ updates for the vehicle itself. This connection can not only download data to the car for an update, but just as easily upload data to the car's manufacturer. In the case of Chinese-built cars, sensitive information could be shared with Chinese government departments. This can range from GPS data, audio and video footage to phone data, which brings us to the last option:

Phone connectivity

Connecting a phone to a car in order to be able to listen to your own music, call handsfree or send texts through voice control functions may seem innocent enough. However, this function gives the car access to all of the phone's communication data, and sometimes even the photo gallery. The security risk then does not only fall on the operator of the car, but also anyone who communicates with that person. Chat history can be shared, and phone calls recorded. This can then be shared to whoever is interested in the data in China. 


Balancing act

An obvious first response to counter this security threat would be to ban Chinese cars outright. However, this is not a realistic solution. German car manufacturers have a very big market share in China itself, and any ban on Chinese cars would be very likely to automatically invoke a counter-ban on European cars in China. This would not only bring significant short- and long-term monetary damage to those car manufacturers, but also hurt diplomatic and trade relations with China.

A more realistic approach could be for governments and corporations to place a ban on Chinese cars for their own employees. This is comparable to the ban on Huawei phones governments had for their employees, before the outright nationwide ban on the phones. 

One possible way to ban certain models or brands could be to investigate, model by model, whether the cars are capable of sharing, or are in fact actually sharing, data with their companies beyond what is allowed under local law. In the EU, the GDPR would then be able to stop certain cars from being sold. This, however, would be a time-consuming feat.


Is There Really A History Of Chinese Spying? 

Recent history is rife with allegations against Chinese companies regarding surveillance and espionage, not all unfounded. The narrative intertwines actual incidents with geopolitical tensions and industries tied to Chinese manufacturing, such as surveillance equipment, telecommunications, and robotics. Concerns are amplified by China's ambiguous intellectual property laws and the presumption of state involvement in corporations.


Key players in these allegations include Lenovo, Huawei, ZTE, and DJI. Lenovo faces scrutiny for its devices in government networks, and DJI for its drones used in government operations. Huawei and ZTE, while consumer favorites, are also under suspicion. These companies' state affiliations vary: Lenovo has indirect state connections, Huawei is a state-owned enterprise with private oversight, ZTE is not CCP-owned but is government-dependent, and DJI asserts its independence. However, evidence, mostly classified or leaked, is sparse.


Hikvision and Dahua, implicated in potential data leaks to the Chinese government, faced a UK ban. TikTok, a ByteDance product, is scrutinized for data privacy and potential misuse for Chinese state purposes. An internal ByteDance investigation revealed unauthorized access to US user data.


Chinese laws notably influence these concerns. The National Intelligence Law of 2017, for instance, obligates all Chinese organizations and citizens to support state intelligence work. This law intensifies fears that companies could be compelled to assist in intelligence operations or surrender data if requested by the government. Critics argue this law effectively blurs the lines between corporate operations and state intelligence objectives.


The concerns about Chinese corporate espionage are multifaceted, rooted in legal obligations, product nature, ownership structures, and broader geopolitical tensions. While Taiwanese companies like Foxconn face less suspicion despite delegating some operations to China, Chinese firms are scrutinized for potential collaboration with the Chinese government, highlighting a complex landscape of security concerns and international relations.


At this point, many of the concerns regarding Chinese surveillance via electronic devices can be validated by the explicit actions of the Chinese threat actors through various cyber campaigns, and less through the quiet subterfuge of “Trojan Horse” devices. 


What is wisdom? 

In the current world, where not just Chinese cars but every new (electric) car is outfitted with cameras, microphones, an internet connection and phone connectivity, it is a matter of choosing not IF you’re going to be spied on, but by whom. Whether governmental or corporate, it is important to be aware of the capacities and capabilities of modern cars.

While it is difficult for governments to outright ban certain car brands from the market, it is more plausible to forbid governmental employees to drive specific brands. For companies, this can be more difficult, depending on the local employment laws.


 
