Shortly after an operation attributed to Israel reportedly caused Hezbollah operatives’ pagers and walkie-talkies to explode, warnings circulated on Lebanese social media advising civilians to discard not only pagers and cell phones but even electric vehicles.
The rationale was clear: walkie-talkies, cell phones and electric cars all rely on batteries—potentially explosive ones. But is it actually possible to remotely trigger an electric vehicle to catch fire or cause an accident?
Experts note that the risk, if any, lies in the ability to "communicate" with a vehicle through the internet—a capability now common across most modern vehicles, not just electric ones. Many newer cars, regardless of fuel type, are equipped with internet connectivity, and all electric vehicles are by nature "connected."
As for potential damage, electric vehicles are powered by large, high-capacity lithium-ion batteries, which are highly flammable and much harder to extinguish than gasoline fires.
Just last month, an electric Mercedes caught fire in a South Korean underground parking garage, leading to a blaze that destroyed 140 cars. Israeli fire services have indicated that such fires, if sustained for hours, can compromise a building’s structural integrity, rendering it uninhabitable.
Should someone seek to weaponize a vehicle, they could theoretically interfere with the car’s operating system remotely, potentially overriding driver controls. Another, though so far unreported, method would involve tampering with the vehicle’s battery to trigger damage.
EV for eavesdropping
The Defense Ministry is addressing potential security concerns posed by connected electric vehicles, which can be transformed into “eavesdropping stations” through remote access to onboard recording systems, especially cameras.
In response, media systems in some leased Chinese-manufactured Chery vehicles already in use by the IDF are being disabled as a precaution before deployment.
The ministry is now preparing a new tender to procure 10,000 leased vehicles, with an estimated 20% expected to be electric. Although key requirements for the tender have been established, discussions on vehicle data security protocols are still ongoing.
How these protocols will function in electric vehicles remains undetermined. Disabling external cameras, for instance, could interfere with driving capabilities or safety features, while blocking network updates might prevent necessary recall notifications.
According to security experts, connected vehicles could be vulnerable to attacks on various fronts. Hackers could exploit unmediated network connections to send false data or disrupt systems—a tactic known as a “man-in-the-middle” attack. Direct physical access to vehicles’ onboard diagnostic ports (OBD) also presents risks, as these connections allow for external diagnostics and monitoring.
In extreme cases, vehicle manufacturers themselves could become targets, leading to data theft or compromised information flow to connected vehicles. While automakers have not reported direct attacks aimed at disrupting vehicle communications, cyberattacks targeting proprietary information have increased in recent years.
Hostile takeover through diagnostics ports
In recent months, Israel has faced incidents involving vehicle thefts through cyber intrusions at the Onboard Diagnostics (OBD) ports. The local distributor of BYD was compelled to upgrade the software in thousands of vehicles after reports that operatives in the Palestinian Authority obtained specialized tools allowing direct access to BYD OBD ports, enabling vehicle theft within seconds.
While currently used for profit-driven theft, the possibility of more advanced hacking tools raises concerns about future risks, such as overriding vehicle systems to endanger occupants. However, OBD-based attacks still require physical access to each vehicle, preventing widespread incidents.
Another pressing concern with electric vehicles is the potential risk from lithium-ion batteries. When improperly maintained, these batteries could present a fire hazard that is difficult to control, although incidents remain statistically rare and are less frequent than fires in gasoline or diesel vehicles.
Modern electric vehicles are designed with extensive safety mechanisms to minimize the risk of battery fires, typically requiring significant physical damage for such events to occur.
Is what's good for the Americans good for us?
Amid growing concerns over cybersecurity and data privacy, the U.S. government recently announced plans to ban sales of internet-connected vehicles containing Chinese software or hardware. This potential legislation, introduced by the U.S. Department of Commerce, aims to restrict Chinese automakers—and even some foreign manufacturers with Chinese parent companies, such as Volvo—from selling connected vehicles that could pose a security threat to American drivers and infrastructure.
The primary concerns cited include the potential for Chinese companies to collect sensitive data on U.S. drivers and critical infrastructure, as well as fears over foreign control of key vehicle functions, including braking systems. While Chinese-made cars are not currently sold in the U.S., the legislation represents a proactive stance to address these cybersecurity risks.
Fearing Chinese EVs while owning Chinese phones?
The U.S. government’s push to block Chinese carmakers from its markets may stem from broader concerns than cybersecurity alone, industry experts suggest. Amid fierce competition with global auto manufacturers, Chinese automakers have gained market share in South America, challenging established German brands.
A source in the auto industry told Calcalist: “The idea that Chinese carmakers are out to steal data is absurd. We’ve never heard concerns from customers about data theft. What data could be stolen—maintenance schedules and orthodontist appointments?” They argue that Tesla, a U.S. company, constantly records its surroundings, yet few voice concerns over it. “If these worries were real, everyone would need to toss their Chinese phones, TVs and even vacuum cleaners.”
Still, the Chinese government’s data policies mean that there is valuable data to be considered, says Yuval Winreb, founder of Understanding China consultancy. “China treats data as a strategic resource, with laws enacted five years ago mandating companies to share user data with the government,” he explains.
“Cars are essentially computers on wheels, equipped with microphones, cameras and location services, all of which collect personal information.” Winreb believes companies seek data primarily to enhance services, but reminds that “all Chinese companies are legally obligated to report collected data.”
Winreb notes that cybersecurity layers can mitigate threats, but remote control over a vehicle’s systems, such as disabling a cooling unit, remains hypothetical. “The risk of such an attack by a terrorist group is close to zero,” he adds.
Get the Ynetnews app on your smartphone: