U.S. Proposes Ban on Connected Vehicles Using Chinese and Russian Tech

Avatar
The U.S. Department of Commerce (DoC) said it’s proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People’s Republic of China (PRC) and Russia. “The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated

The U.S. Department of Commerce (DoC) said it’s proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People’s Republic of China (PRC) and Russia.

“The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated Driving System (ADS),” the Bureau of Industry and Security (BIS) said in a press statement.

“These are the critical systems that, through specific hardware and software, allow for external connectivity and autonomous driving capabilities in connected vehicles.”

The agency said nefarious access to such systems could enable adversaries to harvest sensitive data and remotely manipulate cars on American roads.

The proposal extends to all wheeled on-road vehicles such as cars, trucks, and buses. Agricultural and mining vehicles are not included.

The BIS said “certain technologies” from China and Russia pose “undue risk” to U.S. critical infrastructure, as well as those who rely on connected vehicles, leading to a potential scenario that could undermine the national security and privacy of U.S. citizens.

“This rule marks a critical step forward in protecting America’s technology supply chains from foreign threats and ensures that connected vehicle technologies are secure from the potential exploitation of entities linked to the PRC and Russia,” said Under Secretary of Commerce for Industry and Security Alan F. Estevez.

Pursuant to the ban, the import and sale of vehicles with certain VCS or ADS hardware or software with a nexus to China or Russia will be prohibited.

It also aims to block manufacturers with ties to the PRC or Russia from selling connected vehicles that incorporate VCS hardware or software or ADS software in the U.S., even if the vehicle was made in the country.

“The prohibitions on software would take effect for Model Year 2027 and the prohibitions on hardware would take effect for Model Year 2030, or January 1, 2029 for units without a model year,” the BIS said.

In a coordinated statement, the White House said the step is a move to ensure that U.S. automotive supply chains are resilient and secure from foreign threats. It added the increasing connectivity of vehicles to U.S. digital networks creates an environment to gather and exploit sensitive information.

“Certain hardware and software in connected vehicles enable the capture of information about geographic areas or critical infrastructure, and present opportunities for malicious actors to disrupt the operations of infrastructure or the vehicles themselves,” the White House also pointed out.

The development comes as internet-connected vehicles have increasingly become yet another avenue for companies to gather valuable data, in some cases going to the extent of capturing highly invasive videos and images via Tesla car cameras and even sharing users’ driving habits with car insurance providers.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

 The Hacker News 

Total
0
Shares
Previous Post

Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report

Next Post

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

Related Posts

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

Apple has publicly made available its Private Cloud Compute (PCC) Virtual Research Environment (VRE), allowing the research community to inspect and verify the privacy and security guarantees of its offering. PCC, which Apple unveiled earlier this June, has been marketed as the "most advanced security architecture ever deployed for cloud AI compute at scale." With the new technology, the idea is
Avatar
Read More

New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools

A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. "To exploit this technique, a user must be convinced to run a program that uses UI Automation," Akamai security researcher Tomer Peled said in a report shared with The Hacker News. "
Avatar
Read More

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

The North Korea-aligned threat actor known as Kimsuky has been linked to a series of phishing attacks that involve sending email messages that originate from Russian sender addresses to ultimately conduct credential theft. "Phishing emails were sent mainly through email services in Japan and Korea until early September," South Korean cybersecurity company Genians said. "Then, from mid-September,
Avatar
Read More