Chinese Cars and AI: Navigating the Threat of Hackable Vehicles

Are Chinese organisations hacking the car you’re driving? There has been a lot said about how they could be. 

And it’s not just Chinese-manufactured vehicles that could be targeted, although they may be more vulnerable. Any manufacturer’s vehicle that uses technology or components made in China may also be compromised. 

But are Chinese intelligence gatherers really interested in causing mischievous or dangerous traffic incidences by hacking cars on our roads? I don’t think so. In my view, they have a much bigger objective in mind, and its to do with winning the global Artificial Intelligence (AI) race. 

It’s certainly true that Chinese car sales are on the rise worldwide, and in this country, the sale of MG-badged SUVs is definitely escalating. You can tell that by how many you can see on our roads. And let’s just get one thing clear, they may have an MG badge on the radiator grill, but they are made by Chinese state-owned automotive giant SAIC Motor. SAIC is China’s largest car company building more than 5 million cars a year under various brand names.  

Another Chinese carmaker making waves is BYD, which has emerged as the fastest-growing OEM in 2022. According to the latest data from Jato Dynamics, BYD saw a staggering 184% increase in its sales, translating to over 911,000 units in just one year. This rapid growth has positioned BYD as the second best-selling BEV manufacturer globally, right behind Tesla. Such figures underscore the increasing dominance of Chinese car manufacturers in the global market.

As reported by Motor Trader, the rise of Chinese car manufacturers like BYD isn't just a fleeting trend. Their consistent growth and technological advancements are reshaping the automotive landscape. This underscores the importance of understanding the potential implications of their rapid expansion, especially in the context of data security and AI development.

A Chinese Trojan Horse

But do the Chinese-built vehicles really represent a security risk? According to one report, we are in the throes of handing Beijing the power to immobilise thousands of cars owned by Britons - and many others across Europe and the USA. The Institute of the Motor Industry in the UK has been quoted as saying that the threat of connected electric vehicles flooding the country could be the most effective Trojan horse that the Chinese establishment has ever created. Whereas I’m all for learning from the lessons of history, I think this view may have a touch of hysteria about it.  

But why would any organisation or country want to hack cars or any such views purely a case of cyber-paranoia? No, they’re not. And it’s also not just a malicious attempt to cause accidents and chaos on our roads by hacking into Internet-enabled vehicles and causing traffic mayhem on our motorways.  

Winning the AI Race

The reason why is directly related to the current race to become the world’s most capable and powerful country when it comes to creating and using AI.  

Before going into that, let’s look at the potential for the Chinese to possibly harvest data from internet-linked cars, particularly those operating in 5g-enabled areas.  

Advanced internet-linked vehicles and especially those attaining semi-autonomous status, will absorb and transmit huge amounts of data in any journey. They observe traffic systems and route details, street and building locations, details about the passengers and their habitual journey, local weather patterns, in-car infotainment trends, in fact, a whole raft of data. And that’s just from one car. According to market research and analysis company Statista, there will be close to 400 million internet-connected cars operating globally by 2025. 

Imagine how many Petabytes of data that could generate.  

National Intelligence Law

This sort of data could be accessed by the Chinese government under its National Intelligence Law, which was introduced nearly six years ago as a section of an overall plan to strengthen its internal security and also the regulations by which Beijing can control the activities of companies operating in China. It is part of a number of laws aimed at enforcing the legal basis for the Chinese Communist Party’s security activities and requiring enterprises and organisations to fully cooperate with its requirements.  

In a nutshell, this law states that Chinese companies are legally responsible for providing access and support to the Chinese government when it comes to intelligence-gathering work, and Section 11 within the law authorises Chinese Intelligence agencies to collect and process information about any activities of overseas entities or individuals which may jeopardize the national security and interests of China. 

According to an analysis by Diplomatist, the National Intelligence Law not only mandates Chinese companies to cooperate with intelligence-gathering but also blurs the lines between state and corporate interests. This intertwining of interests raises concerns about the potential misuse of data for reasons beyond mere commercial advantage.

So with that in mind, should we be worried about actual data being harvested from the Chinese-made cars being driven in the UK? 

The answer would seem to be yes.  

Government Car Compromised

In January this year, a UK incident was detected whereby a Chinese surveillance device was discovered in a government vehicle. It was reported that security personnel had discovered a SIM card with the ability to transmit location data from government and diplomatic vehicles. 

The point here is that communication devices can be installed into vehicles without the knowledge of any car manufacturer, provided they have been concealed inside sealed parts from suppliers based in China. 

Take the ubiquitous Electronic Control Unit (ECU) as an example. Many of these are made in China. Hacking-related devices can be installed at the point of manufacturer and then shipped worldwide to numerous car makers. 

These are assembled into the vehicles and are not dismantled and internally checked prior to that because that would negate any warranty on the component, and consequently, the carmaker would be selling a vehicle illegally because it did not comply with the warranty agreement sold with the vehicle. So let’s face it, the car makers are between a rock and a hard place when it comes to this.  

Furthermore, the global surge in the adoption of battery electric vehicles (BEVs) is undeniable. In 2022 alone, the total volume of BEVs skyrocketed by 66%, reaching a whopping 7.37 million units. This is a year-on-year increase of almost 3 million units, surpassing the growth seen between 2020 and 2021. China, being at the forefront of this revolution, accounted for a staggering 53% of these global sales.

There is also concern that car makers BMW, Volkswagen, Volvo and Jaguar Land Rover have partnered with China Unicom (China United Network Communications Group), a Chinese state-owned telecommunications operator, to build 5G connectivity within cars to communicate real-time information through infrastructure and cloud-based services. This is a company that would have to comply with China’s National Intelligence Law and provide intelligence-related data if requested.  

China Unicom was sanctioned by the US in 2022 over national security worries. The Federal Communications Commission voted unanimously to revoke authorisation for the company’s American unit to operate in the US. 

Tight-lipped Car Makers

Not surprisingly, car manufacturers remain guarded about making any statements concerning in-vehicle data security relative to foreign-manufactured components and sub-assemblies they use in their vehicles.  

But hacking cars is not new. There have been numerous hacking experiments whereby computer specialists have gained access and control of an Internet-enabled car, and Tesla vehicles have often been the subject of such tests.  

In one such experiment, a programmer was able to hack more than twenty Teslas in various locations around the world and harvest enormous amounts of information on vehicle movements, driving characteristics, speed, where it re-charged and how long for, what trips it went on and a history of its software updates and maintenance. When more areas become 5G enabled, the amount of data will also include information about the systems working in towns and cities that allow a semi-autonomous car to function. 

But back to the question of why would anyone or any organisation or country want such vast quantities of data from hundreds of thousands of vehicles worldwide? 

Leading-edge Algorithms

The answer is that vast quantities of data are needed to feed AI development, and when it comes to handling vast amounts of data, we know that China is a world leader. It has 173 of the world’s 500 most powerful supercomputers, which is a third more than that of its nearest competitor, the United States. The competition for AI leadership cannot be won without procuring and compiling large-scale datasets and using these to generate leading-edge algorithms that are in advance of competitors. 

As for China, well, the authorities there are only too well aware of the dangers of hacked information from internet-enabled cars falling into the wrong hands. 

In a recent incident, Tesla vehicles were reportedly denied entry into parts of Chengdu, a major 5G-enabled Chinese city that will host the World University Games. President Xi Jinping will attend the opening ceremony. 

Authorities in the city told officials to block Teslas from some areas related to the event and Xi’s visit.  

This is not an isolated incidence; Teslas have been prevented from entering Chinese military complexes and housing compounds in recent years, as well as facing bans from a district that hosts Communist Party events. The curbs stem from concerns about sensitive data being collected by cameras built into the vehicles. 

While China's proactive measures in promoting EV adoption are commendable, it's essential to delve deeper into the broader implications. The rapid growth of the EV market in China, as highlighted by Bo Yu from JATO Dynamics China, isn't just about environmental sustainability. The data collected from these vehicles can be a goldmine for AI development, and with China's National Intelligence Law in place, there's a thin line between data used for technological advancements and potential state surveillance. The global community needs to be vigilant and proactive in understanding these nuances.

So is this just a case of cyber-paranoia by Chinese officials? I think not. It’s more of an indication that they know just how vulnerable internet-enabled cars are to data harvesting and how important that data can be.