China’s Electric Car Data Flows Raise Security Concerns
A Norwegian security researcher has sounded the alarm over the amount of data flowing between Chinese electric vehicles and China. Tor Indstøy, a Telenor employee, dedicated his spare time to investigating the NIO ES8, finding that the car transmitted a surprising volume of data back to China.
"We were surprised by the sheer amount of traffic," Indstøy told Norwegian broadcaster NRK. “We didn’t expect that.” His team called their project "Lion Cage" to represent the virtual enclosure they discovered around the vehicle’s data flow.
Indstøy’s findings have raised concerns about the potential security risks posed by these Chinese-made electric vehicles. He urges authorities to closely evaluate the ongoing risk such technology presents to society.
Martin Bernsen, a senior advisor at the Norwegian Police Security Service (PST), acknowledges the blurring lines between commercial technology and the Chinese military.
"The Chinese authorities include commercial technology companies in the modernization of their military," Bernsen explained to NRK. This means technology developed by any Chinese entity could ultimately be accessible to the military.
The Chinese embassy in Norway dismissed the allegations as a "baseless conspiracy," while NIO, the Norwegian importer of the vehicle, emphasized that user information remains under the user’s control.
"Vehicle data is processed, anonymized, and encrypted locally," said Vijay Sharma, spokesperson for NIO, in a statement to NRK. “ This data is not shared with the NIO cloud service unless the user explicitly consents to it.”
<p class="hyperion-css-1lemvax"He and his colleagues, who ran their independent investigation in their free time, named their project “Lion Cage."
This raises concerns about whether Chinese companies are granting the Chinese government unauthorized access to data collected from around the world. The Chinese government has repeatedly denied allegations of tolerating unauthorized data collection abroad, but experts remain skeptical.
Offical: November 29, 2024 8:58 pm Eastern Time
Discuss: https://e24.no
2024-11-29 20:58:00
#Expert #warns #Chinese #electric #cars #E24
## Chinese EV Data Flows: A Security Breach Waiting to Happen?
**World today News sits down with cybersecurity expert Dr. Emily Carter to discuss the alarming findings of a norwegian security researcher regarding data transmission from Chinese electric vehicles.**
**WTN:** Dr. Carter, thank you for joining us. A recent report revealed a Norwegian security researcher discovered a important amount of data flowing from a Chinese-made electric vehicle to servers in China. This has sparked concerns about potential security risks.can you shed some light on the situation?
**Dr. Carter:** Absolutely. This is a serious issue that highlights the growing complexities of cybersecurity in the automotive industry. While connected cars offer astonishing convenience and advancements, they also open new avenues for potential data breaches and misuse. The fact that a relatively simple inquiry could uncover such a large volume of data flowing from a vehicle to possibly unknown entities in China is deeply troubling.
**WTN:** The researcher, Tor Indstøy, dubbed his project “Lion cage” to represent the virtual enclosure he found around the vehicle’s data. Does this analogy ring true to you?
**Dr. Carter:**
The “Lion Cage” analogy is apt. It suggests a containment strategy for data generated by the vehicle, where control and access are potentially limited and dictated by unseen forces. While NIO claims user data is anonymized and encrypted, the sheer volume of information transmitted raises serious questions about what data is actually being collected and how it is being used.
**WTN:** The Norwegian Police Security Service has acknowledged the blurring lines between civilian and military technology in China. this raises the possibility that data collected from these vehicles could be accessed by the Chinese military. How realistic is this threat?
**Dr. Carter:** Sadly, it’s a very real threat. The Chinese government’s history of requiring tech companies to cooperate with intelligence agencies, coupled with the lack of transparency around data usage by Chinese companies, creates a significant vulnerability.
even if NIO itself is not directly sharing data with the military, the possibility of a government mandate or backdoor access cannot be ruled out.
**WTN:** NIO insists user data is under the control of the user. They emphasize anonymization and encryption practices. Should we take their reassurances at face value?
**Dr. Carter:** While NIO’s statements are encouraging, they raise more questions than answers. What constitutes “user consent”?
How strong are the anonymization and encryption measures? Who has access to the decryption keys?
Without rigorous independent audits and obvious data governance policies, these reassurances lack credibility.
**WTN:** What steps should authorities and individuals take to mitigate these risks?
**Dr. Carter:**
This situation underscores the need for much stricter regulations governing data security in connected vehicles.
* **Mandatory audits:** Independent security audits of connected car systems should be mandatory to ensure data protection practices are robust.
* **Data minimization:** Companies should only collect the bare minimum data necesary for vehicle operation, and clearly state what data is collected and how it is used.
* **User control:** Users should have clear control over the data collected, with the ability to easily opt out of data sharing.
**WTN:** dr. Carter, thank you for yoru insights on this crucial issue.
**Dr. Carter:** My pleasure. This is a critical conversation we need to be having as connected vehicles become even more integrated into our lives.
