connected cars


Ban on Chinese connected-car software is almost ready

However, the ban, as written, is not absolute. Companies can seek authorization to import software or hardware that would otherwise be outlawed, but the request would need to satisfy the US government and possibly be subject to conditions.

There are also exemptions for software for vehicles older than model year 2027 and hardware for vehicles older than model year 2030, including parts imported for warranty or repair work. (The government points out that retroactively applying the new rule would be a little pointless as any harm would already be done by vehicles that had compromised systems that predate it going into effect.)

And the final rule would only apply to light-duty vehicles. Anything with a gross vehicle weight rating of more than 10,000 lbs is exempt but will be dealt with in “a separate regulation tailored to the commercial sector in the coming months.”

Auto industry suppliers probably face the most disruption as a result of the new rule—just the presence of a Chinese-made module in a larger system is enough to trigger the import ban. But there should be little disruption to the US car market, at least for now.

Since the rules only go into effect from model year 2027, the few Chinese-made vehicles on sale in the US—models from Polestar, Volvo, Lincoln, and Buick—may remain on sale. However, Polestar’s Chinese ownership may prove somewhat of a sticking point compared to Ford and GM. Ars notes that lawyers representing Polestar met with the Commerce Department last week—we reached out to the automaker for a comment and will update this piece should we hear back.


Whistleblower finds unencrypted location data for 800,000 VW EVs

Connected cars are great—at least until some company leaves unencrypted location data on the Internet for anyone to find. That’s what happened with over 800,000 EVs manufactured by the Volkswagen Group, after Cariad, an automotive software company that handles many of the development tasks for VW, left several terabytes of data unprotected on Amazon’s cloud.

According to Motor1, a whistleblower gave German publication Der Spiegel and hacking collective Chaos Computer Club a heads-up about the misconfiguration. Der Spiegel and CCC then spent some time sifting through the data, which allowed them to tie individual cars to their owners.

“The security hole allowed the publication to track the location of two German politicians with alarming precision, with the data placing a member of the German Defense Committee at his father’s retirement home and at the country’s military barracks,” wrote Motor1.

Cariad has since patched the vulnerability, which had revealed data about the usage of Skodas, Audis, and Seats, as well as what Motor1 calls “incredibly detailed data” for VW ID.3 and ID.4 owners. The data set also included pinpoint location data for 460,000 of the vehicles, which Der Spiegel said could be used to paint a picture of their owners’ lives and daily activities.

Cariad ascribed the vulnerability to a “misconfiguration,” according to Der Spiegel, and said there is no indication that anyone aside from the publication and CCC accessed the unprotected data.


Ban on Chinese tech so broad, US-made cars would be blocked, Polestar says

Polestar has more than a few issues with the proposed rule, according to its public comment. For one, the definition is too broad and “creates crippling uncertainty for businesses.” A better-defined list would be helpful here, it says.

Polestar also says that “if a large portion of manufacturing or software development is occurring outside of the country of a foreign adversary, mere ownership should not be the determinative factor for applying the various prohibitions within the Proposed Rule.” Polestar is a US-organized company and a subsidiary of a UK publicly limited company that is listed on the NASDAQ exchange in New York. Its HQ is in Sweden, and seven out of 10 board members are from Europe or the USA. It builds Polestar 3 SUVs in South Carolina and will build the Polestar 4 in South Korea from next year. In fact, out of 2,800 employees, only 280 are based in China, Polestar says.

With the company’s “key decision-makers” being in Sweden, there is little reason to believe the national security concerns apply here, the company says, adding that the US Commerce Department should consider whether it has gone too far.

Polestar may be the automaker most affected by the new rule, but it is not the only one. Last month, the Commerce Department told Ford and General Motors that imports of the Lincoln Nautilus and Buick Envision—both of which are made in China—would also have to cease under the new rule.
