cross-posted from: https://lemmy.sdf.org/post/33584974
British firms working for the UK’s military or intelligence services are advising staff not to connect their mobile phones to Chinese-made electric cars over fears that Beijing could steal sensitive national security data.
Executives at two of the nation’s leading defence giants have told The i Paper that the entire sector is taking a “cautious” and “belt and braces” approach to the possibility of the Chinese state spying on staff via the country’s electric vehicles (EVs).
The security clampdown within the UK’s highly secretive defence sector follows revelations from The i Paper that the Ministry of Defence (MoD) has banned cars relying on Chinese technology from sensitive military sites across the country. In some cases, the MoD has asked staff to park their EVs at least two miles from their workplace.
[…]
The latest disclosure of security worries relating to Chinese EVs could also raise concern among some EV buyers, who are increasingly turning to brands like BYD because of their affordability and longer range.
The role of Chinese companies and equipment in critical infrastructure was brought sharply into focus after the government was recently forced to take control of British Steel from its Chinese owner, Jingye Group, to prevent it from closing blast furnaces at the country’s last virgin steelmaking site.
It is understood that the UK’s leading military production groups, including BAE Systems, Rolls Royce, and Raytheon, as well as US defence giant Lockheed Martin and French defence and cyber security firm Thales, are among those firms that have taken precautions against the potential for Chinese EVs to spy on their staff.
[…]
Phone security should be such that nothing can connect or do anything on the phone unless the user allows access. Even for maintenance purposes, it should involve a physical key or something so that charging isn’t potentially giving access to anything on the phone. And have the phone pop up a notification when a connected device tries, so that this can be confirmed. Maybe even have phones give access to a sandbox to see what connected devices are specifically after.
Though I do wonder if the average user would care if they plug their phone in their car and it tells them their car is trying to access their contacts, messages, and browser data. There’s probably a non-trivial amount that would respond by trying to give access because it must need that for a reason.