Smart vehicles use advanced technology to increase your personal safety, and this same technology… [+] Increases the attack vector for malicious attackers.
getty
Imagine driving a car that is aware of your daily routine, monitors the traffic around you, and can even call for help in an emergency. That’s wonderful. But what if that same car could leak your location to others or be remotely controlled by foreign hackers?
The US government is currently proposing a ban on automotive software and hardware from China and Russia, with a focus on connected car components that can pose both security risks and privacy threats to US drivers. There is.
As the Department of Commerce explains, the proposed rule would require foreign-made vehicle connectivity systems (VCS) and automated driving systems (ADS), the very devices that allow cars to function as “smart devices” on wheels. It targets technology.
These systems provide meaningful conveniences such as GPS, emergency braking, and lane keeping. But they also make vehicles vulnerable to cyber-attacks, potentially allowing hackers to take control of critical systems remotely, and if exploited on a large scale, could threaten both individual drivers and national security. may pose a threat.
Trade-offs between physical safety and safety cybersecurity
Modern vehicles are equipped with connectivity systems such as Wi-Fi, Bluetooth, mobile phone and satellite links. These technologies enable real-time updates, navigation, and even life-saving features such as collision avoidance and automatic braking, making driving safer by assisting drivers with critical decisions.
Automated driving systems (ADS) further improve safety by handling complex driving tasks such as adaptive cruise control, lane keeping, and emergency braking. However, all connectivity features also create what cybersecurity experts refer to as an “attack surface,” or potential points through which a hacker can gain access to your system.
Imagine if a hacker exploited your vehicle’s connectivity to prevent it from braking or accelerating. The US government is trying to reduce this type of risk by focusing on vehicle connectivity and ADS components in countries such as China and Russia.
As explained in a press release from the Bureau of Industry and Security, VCS or ADS components could theoretically allow these governments to monitor or interfere with U.S. roadways, which could pose a threat to public safety. This is an impactful scenario.
Consumer privacy: Your car knows more than you think
In addition to cyber risks, connected cars pose unique privacy challenges for consumers. When synced with your smartphone, these cars collect vast amounts of data about your driving habits, location history, and even contact information.
As a digital forensics expert, I have seen first-hand the vast amounts of data collected by connected cars. These systems manage everything from GPS navigation to music streaming to phone connectivity and continuously record details about a driver’s habits, routes, and even personal communications.
When performing forensic analysis on these systems, it is clear that they are collecting more than just “driving data.” Smart car systems store call logs, text message data, location history, and even Wi-Fi connections. This data provides a comprehensive picture of a person’s daily activities, preferences, and even social interactions.
This data helps personalize the driving experience, but it also creates privacy vulnerabilities. When connected cars are resold, leftover data often remains stored in cloud systems or within the vehicle’s internal systems, where it can be accessed by the new owner.
Privacy advocates have warned that if these systems rely on components from China or Russia, those countries’ domestic data-sharing requirements could give foreign governments access to the data they collect. This is why the United States is focusing on “trusted” suppliers of these components and seeking to protect consumer data from unauthorized access.
We have crash safety ratings, but what about cyber?
Proposed rules restricting Chinese and Russian auto technology in U.S. cars could result in significant changes for consumers, impacting both vehicle prices and available features. As explained in Foley and Lardner LLP’s analysis, manufacturers may face increased costs as they seek to replace foreign-made parts with alternatives that meet new compliance standards. This adjustment could mean an increase in sticker prices and possibly the removal of certain high-tech features to avoid potential vulnerabilities.
But the implications of this proposal go beyond cost. It represents a change in thinking about vehicle safety. Until now, consumers have primarily relied on traditional crash safety ratings to assess vehicle safety. This new regulation highlights the growing importance of cybersecurity and data privacy as core to overall vehicle safety, especially as vehicles become increasingly connected to external networks.
Forbes Your car is spying on you and sharing data with third parties By Lars Daniel
As a result, car buyers may soon need to value digital security as much as crash test ratings. When choosing a car, understanding how well a vehicle’s data systems are protected can be just as important as knowing how it performs in a crash. This shift highlights a future where data protection will be an integral part of vehicle safety and it will be essential for consumers to consider both physical and digital safety measures.
