US Proposes Ban on Smart Cars With Chinese and Russian Tech (cnn.com) 69
The US Commerce Department on Monday will propose a ban on the sale or import of smart vehicles that use specific Chinese or Russian technology because of national security concerns, according to US officials. From a report: A US government investigation that began in February found a range of national security risks from embedded software and hardware from China and Russia in US vehicles, including the possibility of remote sabotage by hacking and the collection of personal data on drivers, Secretary of Commerce Gina Raimondo told reporters Sunday in a conference call.
"In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads," she said. The rule would not apply to cars already on the road in the US that already have Chinese software installed, a senior administration official told CNN. The software ban would take effect for vehicles for "model year" 2027 and the hardware ban for "model year" 2030, according to the Commerce Department. The proposed regulatory action is part of a much broader struggle between the United States and China, the world's two biggest economies, to secure the supply chains of the key computing technology of the future, from semiconductors to AI software. China, in particular, has invested heavily in the connected car market, and inroads made by Chinese manufacturers in Europe have worried US officials.
"In extreme situations, a foreign adversary could shut down or take control of all their vehicles operating in the United States, all at the same time, causing crashes (or) blocking roads," she said. The rule would not apply to cars already on the road in the US that already have Chinese software installed, a senior administration official told CNN. The software ban would take effect for vehicles for "model year" 2027 and the hardware ban for "model year" 2030, according to the Commerce Department. The proposed regulatory action is part of a much broader struggle between the United States and China, the world's two biggest economies, to secure the supply chains of the key computing technology of the future, from semiconductors to AI software. China, in particular, has invested heavily in the connected car market, and inroads made by Chinese manufacturers in Europe have worried US officials.
Cars are weapons and spies (Score:2, Interesting)
You do not give control of millions of units, each a great kinetic weapon, to a potential adversary. Beyond that, you would expect them to report location and movements home, which is surprisingly useful.
Let them build and sell the vehicles or components (well... Not Russia, currently), but the vehicles should only run audited American code.
Michael Hastings taught us that. (Score:1)
> Well we now know why she could confidently said those words--because she know america can remotely control any american cars sold anywhere!
Michael Hastings already taught us that:
https://en.wikipedia.org/wiki/... [wikipedia.org]
>> : "There is reason to believe that intelligence agencies for major powersâ"including the United Statesâ"know how to remotely seize control of a car. So if there were a cyber attack on [Hastings'] car â" and I'm not saying there was, I think whoever did it would probably
Re: (Score:2)
On the other hand, if you insist on American code then the NSA is bound to hack it. Who do you want in control of your vehicles, the NSA or the Chinese? /s
Auditing code is not going to work. Can you even be sure you have seen *all* the code? To stand a chance of working you would need teams working on it, taking cars apart down to the silicon level, and constantly reviewing updates as they come in.
And how would you lock the car down so that nobody can modify the software? Manufacturers won't be keen on givi
Re: (Score:2)
Who do you want in control of your vehicles, the NSA or the Chinese?
For monitoring and tracking, I fear the NSA/FBI/DHS.
For actual control (crashing or whatever), I fear China. The pagers in Lebanon show what can happen when an adversary controls your tech.
Re: (Score:2)
It's probably a waste of time trying to ban foreign software in critical places. Chances are the domestic stuff is just as easy to exploit, even after it's been audited. There are likely a large number of zero day vulnerabilities known only to security services that they are all holding back.
Re: (Score:2)
There are likely a large number of zero day vulnerabilities known only to security services that they are all holding back.
Almost certainly there are zero days. The question is what happens if you get int a cold war for example. If the control electronics and software has an entirely NATO based supply chain then you will be able to fix those vulnerabilities. If part of the supply chain is in China then you no longer have a way to be sure what is there and if you accept fixes to it they may well include more malware which makes the situation even worse. DARPA had various competitions to have people provide methods of auditing ch
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you don't work with or for the government or other sensitive area, you absolutely should be more worried about your domestic agencies. If you want a clearance, though, you pretty much give up that luxury and let them shove the scope up you whenever they want.
Re:Cars are weapons and spies (Score:4, Interesting)
Re: (Score:2)
A kill switch is a good idea. Mechanically connected brakes too, with power assist. Most steering wheels are still connected directly to the wheels too.
Re: (Score:2)
"Whatever the solution is, it needs to offer safety even if the car gets hacked." How about a "kill switch" that can be pressed to shut off the main computer entirely, and revert to a bare minimum system that is enough to keep "by wire" systems going, as well as required features such as exterior lights? This minimal system would be bare metal programmed with the firmware in mask ROM. That means no radio, no GPS, and no flashy toys, but you have a car that is entirely under your control for what really matters most, driving.
I love this idea, but can 100% guarantee you it will be fought tooth and nail by both the companies building these vehicles, and the government, probably working together to frame it as for us. "All it takes is one person in minimal mode and road safety goes right out the window for everyone." There ya go. Look forward to that reasoning being why we can't have minimal/manual modes for emergencies. The power players *WANT* that control. Consequences be damned.
Re:Cars are weapons and spies (Score:5, Insightful)
Well, as an American, I'd say "better the devil you know".
First thing I'd like is, to NOT have my car connected to anything or anyone...period.
I don't want anything to be able to communicate remotely to my car....so, no cell SIM system, no radio system connections.
I don't want to send telemetry to the mothership (or any. other interested parties) and I don't want my car talking to others.
That would be a huge step to allay my fears.
They could ax bluetooth too, I have no problem plugging my music player or even phone into a USB connection to the car to play music.
Frankly, I want as little IT in my car as possible, and intent to hold onto my current manual transmission ICE vehicle for as long as possible.
Re: (Score:2)
Frankly, I want as little IT in my car as possible, and intent to hold onto my current manual transmission ICE vehicle for as long as possible.
I feel like unconnected ICE vehicles will greatly increase in value in the next decade. I won't trade mine in for anything made in the last decade.
Re: (Score:2)
I agree 100%.
And I would add to the list Keyless Entry. The only "success" of Keyless Entry is that it enables so much almost effortless car theft by suitably-equipped car thieves.
Re: Cars are weapons and spies (Score:2)
Re: (Score:2)
Well, as an American, I'd say "better the devil you know".
First thing I'd like is, to NOT have my car connected to anything or anyone...period.
I don't want anything to be able to communicate remotely to my car....so, no cell SIM system, no radio system connections.
I don't want to send telemetry to the mothership (or any. other interested parties) and I don't want my car talking to others.
That would be a huge step to allay my fears.
They could ax bluetooth too, I have no problem plugging my music player or even phone into a USB connection to the car to play music.
Frankly, I want as little IT in my car as possible, and intent to hold onto my current manual transmission ICE vehicle for as long as possible.
Sounds like you should join a classic car club. You won't be driving anything that was made after 2006 for the rest of your life.
Re: (Score:2)
Auditing code is not going to work. Can you even be sure you have seen *all* the code? To stand a chance of working you would need teams working on it, taking cars apart down to the silicon level, and constantly reviewing updates as they come in.
How about:
* No external connectivity to/from the operational parts? You can audit for that fairly well.
* Then audit the code as well. Yeah, they may hide code, but if you require the full code on original and all updates before those get released, that should cover a lot.
OS updates? Make them go to a dealer who is certified (IE: to ensure they're using the signed firmware that has been reviewed).
Car radio, infotainment, bluetooth, etc... ensure those systems are not connected in any way.
Self driving? Pass.
Re: (Score:2)
Well, let's start here...and work our way backwards....
Re:What about phones? (Score:4, Informative)
That seems like an even bigger problem.
The software and critical components in phones are not made in China.
The software is mostly American. The CPUs are made in Taiwan.
Re: (Score:2)
The software and critical components in phones are not made in China.
The software is mostly American. The CPUs are made in Taiwan.
Hezbollah thought they were made in Hong Kong the supply chain was hacked they were made in Hungary apparently with the identity of the Hong Kong company. Think about the number of Clone phones that look just like an iphone or samsung most people would not be able to tell the difference
Re: (Score:2)
self driving cars can end up blocking roads in an (Score:2)
self driving cars can end up blocking roads in an error state / safe stop.
Re: (Score:2)
Re: (Score:2)
Israeli tech? (Score:3)
I'd say anything made in Israel is pretty suspect now.
Re: (Score:3)
Re: (Score:2)
What if it's the Serbian Jew Double Bluff (TM)?
Re: (Score:2)
Except the exploding devices were not made in Israel. The trick with intelligence coups of that sort is to have no visible connection to the items. We can ban Chinese cars and Chinese software, but can we stop them from infiltrating open-source systems either directly or through third parties?
(bold by me) Why are you dragging that into this conversation? Those exploding pagers weren't open source, and neither were the radios. They can be nearly anywhere in the supply chain and do this.
Re:Israeli tech? (Score:4, Insightful)
This has nothing to do with security... (Score:3)
.. this is car manufacturers worried about losing money to cheaper cars (same as the chicken tax, why hasn't this been repealed). If it was about security we wouldn't get anything from china (phones/chips/tv/computers). This is just lobbyists lobbying.
Re: (Score:2)
open source (Score:5, Interesting)
It's time for an industry to spring up that allows easy electric conversion for older cars. I'd love an old ford pickup converted to electric. Something that reports nothing to anyone but me and can get me around town.
The gnarlier looking it is the better - people are more willing to let the car with dents merge into traffic I think
Cottage industry (Score:5, Informative)
There is a small cottage industry of EV conversion fabricators. A lot of the stuff they use is off the shelf.
https://www.electrifiedgarage.... [electrifiedgarage.com]
This is the home base of Rich Benoit, better known as Rich Rebuilds on Youtube, one of my absolute favorite channels. He's done insane EV conversions, including an original Mini, a Harley, and an off-road side by side. He also, more famously, dropped a Chevy LS1 in a Tesla model S (named ICE-T) which involved cutting the car in half and reassembling it to build a transmission tunnel.
Re:open source (Score:4, Informative)
It's time for an industry to spring up that allows easy electric conversion for older cars
That industry has already started to spring up, although the focus is more on restoring classic cars than the type of straightforward conversion you're seeking.
Here's a list of 10 companies in the United States who are doing conversions now.
https://revival.autos/electric-classic-car/in-depth-look-at-the-top-10-electric-car-conversion-companies-in-the-usa/ [revival.autos]
And another list, courtesy of Motor Trend.
https://www.motortrend.com/reviews/futureproof-classic-car-to-ev-electric-car-conversions/ [motortrend.com]
Re: (Score:2)
Re: (Score:2)
Yeah what I've seen is that costs more than a new Tesla and I assume is less warrantied too.
Ruh-roh! (Score:2)
Re: (Score:3)
It goes both ways (Score:2)
You know what's funny? Russian and China too have enacted rules to keep American-made products and software at bay as much as possible for exactly the same reasons. And while I have no great love for either Russia or China, I don't blame them.
Re: (Score:2)
Don't forget Israeli parts... (Score:3)
Last thing I want is my car exploding if someone thought I was being critical of Israeli policies...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
...being critical of Israeli policies...
What a weird way of saying "indiscriminately launching rockets into populated areas and otherwise blowing up civilians."
I Can't Drive 8086 (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
wind shield wipers,
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
There's no reason they can't do this, and in fact it would probably be cheaper to produce vehicles this way, but they'd rather be able to access data from the vehicle remotely, data like vehicle performance and driver habits, and in this dystopian age of 'subscriptions fo
Re: (Score:2)
There is a lot of risk and only a little benefit to two-way data communications built into current production automobiles. Eliminating the two-way data communications makes much of the risk of remote control, remote monitoring, and remote data collection disappear. I don't want these risks even if they are isolated to domestic sources and so not stem from foreign sources.
Tesla next? (Score:3)
This seems like a reasonable concern. It would be extremely impactful if China (or anyone) were to brick fleets of cars with a few keystrokes from thousands of miles away.
So, Musk is known to have contempt for things like redundancy and security. Just look at how he gutted Twitter. With the way he has demonstrated he operates companies under his control, does anyone realistically believe Tesla hasn't already likely been compromised? Are all Teslas waiting for someone to push the "big red button" and cause every single Tesla "listening" to overpower its batteries causing a fire that can't be put out with water? There are nearly 5M Teslas out there right now. Imagine the havoc if just half ignited. It would make the Israli pager hack seem like nothing.
And the worst part would be it could be extremely difficult to ever be sure who was responsible. Politicians will point the finger pretty quickly at Russia/China/Iran/etc. But, it could also be one of the thousands of high tech FORMER employees Musk has laid off or ripped off. Or, maybe a giant oil producer would do it to set EVs back a decade or more. There are lots of candidates who would not cry if every Tesla was suddenly inoperable or was considered a giant safety hazard.
While I see the usefulness to disable vehicles that have been stolen or are being chased by police, I also see this being too powerful for any single entity to control. Like they say, with great power comes burning Teslas.
So will all so-called 'self-driving cars' (Score:2)
Half-measures (Score:2)
Just ban ALL tech imports from China. Let's face it, the globalization dream has completely failed.
yeah it's just Russian and Chinese vehicles... (Score:1)
... seriously.
The REAL impact of this sort of things is a) the Propaganda narrative being peddled and b) eliminating competition.
Israel??? (Score:2)
What if the car suddenly explodes? Intel has engineers from Israel.
Re: (Score:2)
The US govt loves terrorist Israel.
Something good may come from this.... (Score:2)
How about an electric car that is 100% autonomous, never needs connection to any netwok?
Or how about a car that runs ony open-source software?
Even an electric car that has NO software? I would buy one...
Re: (Score:2)
".. that has NO software"
so wetware?
Competition (Score:1)
Is only good when the USA are winning itâ¦
That country is just a bunch of sore losers
Just no for Pete's sake (Score:3)
Simply NO Internet connected features in cars period. Ban the whole damn thing. Everyone has a cell phone. Let the car owner decide if they want to dock their phone to the car turning it into a cell phone on wheels. If some fuckery does happen then simply undocking the phone restores the vehicle to working condition. Software updates to the car should not be able to be performed without physically connecting a device to the OBD2 port. Simple logic but logic seams to elude lawmakers that have deep pockets to fill.
Any car that needs a connection is suspect ... (Score:2)
If I cannot operate my car without an internet connection ... then it is a dead lump of metal and plastic in large parts of the world .... so it does not NEED it, so turn off