Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
China Transportation United States Technology

US Proposes Ban on Smart Cars With Chinese and Russian Tech (cnn.com) 93

Posted by msmash from the escalating-matters dept.
The US Commerce Department on Monday will propose a ban on the sale or import of smart vehicles that use specific Chinese or Russian technology because of national security concerns, according to US officials. From a report: A US government investigation that began in February found a range of national security risks from embedded software and hardware from China and Russia in US vehicles, including the possibility of remote sabotage by hacking and the collection of personal data on drivers, Secretary of Commerce Gina Raimondo told reporters Sunday in a conference call.

"In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads," she said. The rule would not apply to cars already on the road in the US that already have Chinese software installed, a senior administration official told CNN. The software ban would take effect for vehicles for "model year" 2027 and the hardware ban for "model year" 2030, according to the Commerce Department. The proposed regulatory action is part of a much broader struggle between the United States and China, the world's two biggest economies, to secure the supply chains of the key computing technology of the future, from semiconductors to AI software. China, in particular, has invested heavily in the connected car market, and inroads made by Chinese manufacturers in Europe have worried US officials.

US Proposes Ban on Smart Cars With Chinese and Russian Tech More | Reply

US Proposes Ban on Smart Cars With Chinese and Russian Tech

Comments Filter:

  • You do not give control of millions of units, each a great kinetic weapon, to a potential adversary. Beyond that, you would expect them to report location and movements home, which is surprisingly useful.

    Let them build and sell the vehicles or components (well... Not Russia, currently), but the vehicles should only run audited American code.

    • Michael Hastings taught us that. (Score:2, Interesting)

      by Anonymous Coward

      > Well we now know why she could confidently said those words--because she know america can remotely control any american cars sold anywhere!

      Michael Hastings already taught us that:

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      >> : "There is reason to believe that intelligence agencies for major powersâ"including the United Statesâ"know how to remotely seize control of a car. So if there were a cyber attack on [Hastings'] car â" and I'm not saying there was, I think whoever did it would probably

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      On the other hand, if you insist on American code then the NSA is bound to hack it. Who do you want in control of your vehicles, the NSA or the Chinese? /s

      Auditing code is not going to work. Can you even be sure you have seen *all* the code? To stand a chance of working you would need teams working on it, taking cars apart down to the silicon level, and constantly reviewing updates as they come in.

      And how would you lock the car down so that nobody can modify the software? Manufacturers won't be keen on givi

      • Who do you want in control of your vehicles, the NSA or the Chinese?

        For monitoring and tracking, I fear the NSA/FBI/DHS.

        For actual control (crashing or whatever), I fear China. The pagers in Lebanon show what can happen when an adversary controls your tech.

        • Re: (Score:2)

          by AmiMoJo ( 196126 )

          It's probably a waste of time trying to ban foreign software in critical places. Chances are the domestic stuff is just as easy to exploit, even after it's been audited. There are likely a large number of zero day vulnerabilities known only to security services that they are all holding back.

          • There are likely a large number of zero day vulnerabilities known only to security services that they are all holding back.

            Almost certainly there are zero days. The question is what happens if you get int a cold war for example. If the control electronics and software has an entirely NATO based supply chain then you will be able to fix those vulnerabilities. If part of the supply chain is in China then you no longer have a way to be sure what is there and if you accept fixes to it they may well include more malware which makes the situation even worse. DARPA had various competitions to have people provide methods of auditing ch

          • Ultimately, the real solution for this is open source software that is audited by NIST and others, perhaps even other country's intel/COMPUSEC departments. This way, it may expose possible exploits, but it also ensures the code has no hidden weaknesses.

        • The US govt isn't always trustworthy either https://en.wikipedia.org/wiki/... [wikipedia.org] Its a collection of people, and people can be evil, and do evil things.

        • If you don't work with or for the government or other sensitive area, you absolutely should be more worried about your domestic agencies. If you want a clearance, though, you pretty much give up that luxury and let them shove the scope up you whenever they want.

      • Re:Cars are weapons and spies (Score:5, Interesting)

        by Malay2bowman ( 10422660 ) on Monday September 23, 2024 @10:57AM (#64809641)
        "Whatever the solution is, it needs to offer safety even if the car gets hacked." How about a "kill switch" that can be pressed to shut off the main computer entirely, and revert to a bare minimum system that is enough to keep "by wire" systems going, as well as required features such as exterior lights? This minimal system would be bare metal programmed with the firmware in mask ROM. That means no radio, no GPS, and no flashy toys, but you have a car that is entirely under your control for what really matters most, driving.

        • Re: (Score:2)

          by AmiMoJo ( 196126 )

          A kill switch is a good idea. Mechanically connected brakes too, with power assist. Most steering wheels are still connected directly to the wheels too.

        • "Whatever the solution is, it needs to offer safety even if the car gets hacked." How about a "kill switch" that can be pressed to shut off the main computer entirely, and revert to a bare minimum system that is enough to keep "by wire" systems going, as well as required features such as exterior lights? This minimal system would be bare metal programmed with the firmware in mask ROM. That means no radio, no GPS, and no flashy toys, but you have a car that is entirely under your control for what really matters most, driving.

          I love this idea, but can 100% guarantee you it will be fought tooth and nail by both the companies building these vehicles, and the government, probably working together to frame it as for us. "All it takes is one person in minimal mode and road safety goes right out the window for everyone." There ya go. Look forward to that reasoning being why we can't have minimal/manual modes for emergencies. The power players *WANT* that control. Consequences be damned.

        • How about a "kill switch" that can be pressed to shut off the main computer entirely, and revert to a bare minimum system that is enough to keep "by wire" systems going, as well as required features such as exterior lights?

          That is impossible. The issue is that they do not want to have foreign control over your vehicle but they do want to retain control themselves; therefore, what you are asking for can NEVER be delivered. They already regret letting you "own" anything as that gives you the idea that can actually own things. Control will be centralized and you (really, your descendants) will not have any choice. Dystopia is inevitable. Some people just REALLY REALLY want to control everyone else.

      • Re:Cars are weapons and spies (Score:5, Insightful)

        by cayenne8 ( 626475 ) on Monday September 23, 2024 @10:57AM (#64809643) Homepage Journal

        On the other hand, if you insist on American code then the NSA is bound to hack it. Who do you want in control of your vehicles, the NSA or the Chinese? /s

        Well, as an American, I'd say "better the devil you know".

        First thing I'd like is, to NOT have my car connected to anything or anyone...period.

        I don't want anything to be able to communicate remotely to my car....so, no cell SIM system, no radio system connections.

        I don't want to send telemetry to the mothership (or any. other interested parties) and I don't want my car talking to others.

        That would be a huge step to allay my fears.

        They could ax bluetooth too, I have no problem plugging my music player or even phone into a USB connection to the car to play music.

        Frankly, I want as little IT in my car as possible, and intent to hold onto my current manual transmission ICE vehicle for as long as possible.

        • Re: (Score:2)

          by GoTeam ( 5042081 )

          Frankly, I want as little IT in my car as possible, and intent to hold onto my current manual transmission ICE vehicle for as long as possible.

          I feel like unconnected ICE vehicles will greatly increase in value in the next decade. I won't trade mine in for anything made in the last decade.

        • Re: (Score:2)

          by ve3oat ( 884827 )
          Hear! Hear!

          I agree 100%.

          And I would add to the list Keyless Entry. The only "success" of Keyless Entry is that it enables so much almost effortless car theft by suitably-equipped car thieves.

        • On the other hand, if you insist on American code then the NSA is bound to hack it. Who do you want in control of your vehicles, the NSA or the Chinese? /s

          Well, as an American, I'd say "better the devil you know".

          First thing I'd like is, to NOT have my car connected to anything or anyone...period.

          I don't want anything to be able to communicate remotely to my car....so, no cell SIM system, no radio system connections.

          I don't want to send telemetry to the mothership (or any. other interested parties) and I don't want my car talking to others.

          That would be a huge step to allay my fears.

          They could ax bluetooth too, I have no problem plugging my music player or even phone into a USB connection to the car to play music.

          Frankly, I want as little IT in my car as possible, and intent to hold onto my current manual transmission ICE vehicle for as long as possible.

          Sounds like you should join a classic car club. You won't be driving anything that was made after 2006 for the rest of your life.

      • Re: (Score:2)

        by unrtst ( 777550 )

        Auditing code is not going to work. Can you even be sure you have seen *all* the code? To stand a chance of working you would need teams working on it, taking cars apart down to the silicon level, and constantly reviewing updates as they come in.

        How about:
        * No external connectivity to/from the operational parts? You can audit for that fairly well.
        * Then audit the code as well. Yeah, they may hide code, but if you require the full code on original and all updates before those get released, that should cover a lot.

        OS updates? Make them go to a dealer who is certified (IE: to ensure they're using the signed firmware that has been reviewed).

        Car radio, infotainment, bluetooth, etc... ensure those systems are not connected in any way.

        Self driving? Pass.

  • self driving cars can end up blocking roads in an error state / safe stop.

    • Or, they'll cause massive collisions at high speeds, creating all sorts of chaos and many deaths. SDCs all have remote control capability baked right into them because the damned things are so brain-dead that they can get 'confused' and just stop, have to 'phone home' and have a remote human operator bail them out of whatever the problem is, so if that's hacked remotely SDCs could be driven at any speed in any direction, including 100mph into other vehicles.
    • They can, but isolated incidences are manageable. Whereas bricking millions of cars at once would be a national-scale problem.
    • Just like human drivers can lock up roads with their stupidity, and it happens a lot. The advantage of selfdriving cars they can be easily learned new situations that they couldn't handle by a mere update. Humans tend to forget and can't easily learn. We're still at the baby steps of selfdriving cars and yet they already help us deter more and more accidents. Yes they might still create accidents, but far less as human drivers do, at least within a few years.

  • Israeli tech? (Score:4, Insightful)

    by Hoi Polloi ( 522990 ) on Monday September 23, 2024 @10:26AM (#64809545) Journal

    I'd say anything made in Israel is pretty suspect now.

  • This has nothing to do with security... (Score:4, Insightful)

    by Faw ( 33935 ) on Monday September 23, 2024 @10:34AM (#64809565)

    .. this is car manufacturers worried about losing money to cheaper cars (same as the chicken tax, why hasn't this been repealed). If it was about security we wouldn't get anything from china (phones/chips/tv/computers). This is just lobbyists lobbying.

    • Re: (Score:2)

      by GoTeam ( 5042081 )
      I refuse to believe that the US government isn't putting the well being of the citizens above all else! They always act altruistically!! /s

  • open source (Score:5, Interesting)

    by bugs2squash ( 1132591 ) on Monday September 23, 2024 @10:38AM (#64809583)

    It's time for an industry to spring up that allows easy electric conversion for older cars. I'd love an old ford pickup converted to electric. Something that reports nothing to anyone but me and can get me around town.

    The gnarlier looking it is the better - people are more willing to let the car with dents merge into traffic I think

  • I guess it wasn't such a good idea for the US to farm out so much of it's manufacturing base to China. The little gremlins are popping up to bite the US in the ass.

  • You know what's funny? Russian and China too have enacted rules to keep American-made products and software at bay as much as possible for exactly the same reasons. And while I have no great love for either Russia or China, I don't blame them.

    • Not to mention each other - what was it, a Russian customers agent determined by deviations in weights on a bill of lading that Chinese electric kettles entering Russia had wifi spying chips in them? Apparently every power does this.

  • Don't forget Israeli parts... (Score:4, Insightful)

    by dark.nebulae ( 3950923 ) on Monday September 23, 2024 @10:55AM (#64809629)

    Last thing I want is my car exploding if someone thought I was being critical of Israeli policies...

    • if it's an EV, it might be possible for someone to do that remotely. If the battery pack controllers' firmware can be updated remotely, then bad code could be uploaded to it, causing a condition whereby the pack fails catastrophically.
      • I guess no one has heard of a fusible link or thermal fuse.
        • No, I have, and I'd assume any responsible engineer, who understands Li+ cells, would include a last-ditch protection device like those, but nothing is foolproof.

    • ...being critical of Israeli policies...

      What a weird way of saying "indiscriminately launching rockets into populated areas and otherwise blowing up civilians."

  • Is there any way to keep any computers from being built into cars at all? I say without irony that the only three new features since the advent of the horseless carriage that I approve of are the radio, the automatic transmission, air conditioning, and seat warmers. And honestly, most days I can do without the air conditioning, assuming my power windows aren't broken again.
    • Well, okay, four, not three. I forgot about the automatic transmission on my first draft.

      • Re: (Score:2)

        by GoTeam ( 5042081 )
        You left off car hydraulics, the most important feature ever added to a vehicle.

      • Re: (Score:2)

        by anegg ( 1390659 )

        [JARRING CHORD]
        [The door flies open and Cardinal Ximinez of Spain [Palin] enters, flanked by two junior cardinals. Cardinal Biggles [Jones] has goggles pushed over his forehead. Cardinal Fang [Gilliam] is just Cardinal Fang]

        Ximinez: NOBODY expects the Spanish Inquisition! Our chief weapon is surprise...surprise and fear...fear and surprise.... Our two weapons are fear and surprise...and ruthless efficiency.... Our *three* weapons are fear, surprise, and ruthless efficiency...and an almost fanatical devoti

      • Re: (Score:2)

        by Hank21 ( 6290732 )
        Wheels! You forgot wheels!
    • Yes, you can. You design all computer-controlled systems in the vehicle to use read-only memory, and you have no wireless connectivity in the vehicle at all. Firmware and software updates would require physically connecting to the vehicle.
      There's no reason they can't do this, and in fact it would probably be cheaper to produce vehicles this way, but they'd rather be able to access data from the vehicle remotely, data like vehicle performance and driver habits, and in this dystopian age of 'subscriptions fo

      • Re: (Score:2)

        by anegg ( 1390659 )

        There is a lot of risk and only a little benefit to two-way data communications built into current production automobiles. Eliminating the two-way data communications makes much of the risk of remote control, remote monitoring, and remote data collection disappear. I don't want these risks even if they are isolated to domestic sources and so not stem from foreign sources.

        • But see there is no functional difference between 'domestic' and 'foreign' because foreign operators can just use the Internet; if your car is on a cellular network then one way or another it's on the Internet, even if it's behind a firewall of some sort that doesn't mean talented hackers can't find a way in. If you want to eliminate the threat you have to eliminate the connectivity.

  • Tesla next? (Score:4, Interesting)

    by MooseTick ( 895855 ) on Monday September 23, 2024 @11:22AM (#64809719) Homepage

    This seems like a reasonable concern. It would be extremely impactful if China (or anyone) were to brick fleets of cars with a few keystrokes from thousands of miles away.

    So, Musk is known to have contempt for things like redundancy and security. Just look at how he gutted Twitter. With the way he has demonstrated he operates companies under his control, does anyone realistically believe Tesla hasn't already likely been compromised? Are all Teslas waiting for someone to push the "big red button" and cause every single Tesla "listening" to overpower its batteries causing a fire that can't be put out with water? There are nearly 5M Teslas out there right now. Imagine the havoc if just half ignited. It would make the Israli pager hack seem like nothing.

    And the worst part would be it could be extremely difficult to ever be sure who was responsible. Politicians will point the finger pretty quickly at Russia/China/Iran/etc. But, it could also be one of the thousands of high tech FORMER employees Musk has laid off or ripped off. Or, maybe a giant oil producer would do it to set EVs back a decade or more. There are lots of candidates who would not cry if every Tesla was suddenly inoperable or was considered a giant safety hazard.

    While I see the usefulness to disable vehicles that have been stolen or are being chased by police, I also see this being too powerful for any single entity to control. Like they say, with great power comes burning Teslas.

    • Re: (Score:2)

      by Hank21 ( 6290732 )

      ... Are all Teslas waiting for someone to push the "big red button" and cause every single Tesla "listening" to overpower its batteries causing a fire that can't be put out with water? There are nearly 5M Teslas out there right now. Imagine the havoc if just half ignited. ..

      Forget crazy "burn the batteries!" scenario- all one needs to do - with ANY vehicle, is just remotely immobilize them. Think of the chaos caused by millions of vehicles stopped dead on the road. Think about how just stuck car can clog a major artery. Imagine thousands of stuck cars on roads across the nation. Busses too for that matter.

    • This seems like a reasonable concern. It would be extremely impactful if China (or anyone) were to brick fleets of cars with a few keystrokes from thousands of miles away.

      Wait until OnStar is hacked. lol. Everything necessary to shut down all transportation is in place already... unless your car is 20 years old or older. It is a little late to be having these concerns now.

      Someone is going to be in control of your vehicle and it is NOT you. Why would you buy one of these monstrosities?

  • All 'self-driving cars' will also be capable of being weaponized, as all of them will include remote-control capability, and I can't imagine access to that being secure enough that third parties won't be able to hack their way into it and make them do whatever they want.

  • Just ban ALL tech imports from China. Let's face it, the globalization dream has completely failed.

  • ... seriously.

    The REAL impact of this sort of things is a) the Propaganda narrative being peddled and b) eliminating competition.

  • Israel??? (Score:3)

    by Gabest ( 852807 ) on Monday September 23, 2024 @12:43PM (#64809941)

    What if the car suddenly explodes? Intel has engineers from Israel.

  • How about an electric car that is 100% autonomous, never needs connection to any netwok?
    Or how about a car that runs ony open-source software?
    Even an electric car that has NO software? I would buy one...

  • Is only good when the USA are winning itâ¦
    That country is just a bunch of sore losers

  • Just no for Pete's sake (Score:3)

    by RitchCraft ( 6454710 ) on Monday September 23, 2024 @01:47PM (#64810185)

    Simply NO Internet connected features in cars period. Ban the whole damn thing. Everyone has a cell phone. Let the car owner decide if they want to dock their phone to the car turning it into a cell phone on wheels. If some fuckery does happen then simply undocking the phone restores the vehicle to working condition. Software updates to the car should not be able to be performed without physically connecting a device to the OBD2 port. Simple logic but logic seams to elude lawmakers that have deep pockets to fill.

    • The data from your car is valuable. Your behavior can be monitored with your phone acting as a backup to the full monitoring solution.

      (actually, your phone is the primary, but it can be left behind, your car can't as you need it to go somewhere, so your car tracks you and uploads the data constantly. i am honestly surprised that Law Enforcement has not demanded access yet. perhaps it is still too soon and might cause backlash against the tightening noose.)

  • If I cannot operate my car without an internet connection ... then it is a dead lump of metal and plastic in large parts of the world .... so it does not NEED it, so turn off

  • I suspect this is a reaction to Mossad's ability to booby-trap Hezzbollah's pagers. It made clear how vulnerable anyone is to its supply chain being compromised. It is really the end of the global economy. This is probably driven by the threat China's EV industry poses to the domestic car manufacturers market. But the reality is when you start treating imagined potential threats as real threats the list of possible things someone could weaponize is almost endless. And in a connected world with a global sup
  • About Teslas tooling around China for years now collecting the same sort of data the west is worried about.
  • Funny thing is, just as with Huawei the US says they have backdoors for chinese government, but never actually proven it. The only reason they don't want Huawei is because it is too hard for US intelligence services to hack into them. Meanwhile of US hardware it has been proven to have backdoors for US services. We also know Tesla is sending a lot of video/data to their own servers, which US services have access to. And seeing how Tesla seemed to have disabled a cybertruck remotely without the consent of th

  • ... collection of personal data on drivers ...

    Once again, it's only a problem when someone you don't like, does it.

    ... supply chains of the key computing-technology ...

    If US government cared about software supply chains, they'd demand code libraries are tracked same as aircraft parts, software is security-audited by a third party, that data is transmitted and stored encrypted, that personal details (location, anything downloaded from a phone) are not saved. They don't want to remove the spyware. They want their 'enemies' to stop having the same power they give to US corporations.

  • protectionism (Score:3)

    by nicubunu ( 242346 ) on Tuesday September 24, 2024 @02:32AM (#64811847) Homepage

    This is simple and pure protectionism. Made is US hardware and software was surpassed by hardware and software made in China to the point they are unable to compete and the government has no idea than ban the better software. What's next, force Chinese brands to use Windows 95 in their cars or not sell at all?

    Protectionist bans are idiotic. A few years ago most of the software for cars was made in the US and the Chinese were happy to use it. Then a "wise" president instituted the ban, Chinese were forced to make their own software and here we are not: Chinese software is better.

  • One of my big gripes with solar power systems is nearly all of them are built overseas - mainly in China. They have firmware running on the main inverter or all-in-one electronic system central box, the battery management systems, and sometimes other substantial components. Even if some of the firmware is written by the nameplate company that commissioned the particular version of the OEM platform, much of the underlying firmware is apparently built on libraries, development platforms, and application sam

Slashdot Top Deals

Single tasking: Just Say No.

Close