As the automotive industry charges forward into the age of smart technology and electric vehicles (EVs), a growing chorus of voices is sounding the alarm over the cybersecurity risks posed by connected cars—especially those made in China.

While all connected vehicles collect data and face vulnerabilities, tensions between China and Western powers have added a sharper edge to the debate, turning what might once have been considered a technical issue into a matter of national security.

The Digital Risks of a Connected Ride

Modern vehicles are now essentially rolling computers—wirelessly updated, perpetually online, and capable of collecting staggering amounts of data. A single smart car can generate up to 1,400 gigabytes of data per hour. Though much of that is quickly discarded, even a small percentage transmitted to manufacturers can reveal extensive information about a user’s driving habits, voice commands, biometric identifiers, and even smartphone contents.

This data is often shared beyond the carmaker itself, reaching insurance companies, third-party affiliates, and in some cases, government agencies.

Alongside privacy concerns, the risk of hacking looms large. In vehicles where acceleration, braking, and steering can be remotely accessed, a cyberattack could potentially give a malicious actor total control over a car—an outcome with catastrophic implications.

Adding to these concerns is the fact that manufacturers retain the ability to control their vehicles remotely. This was vividly illustrated during the early stages of the war in Ukraine, when agricultural machinery looted by Russian forces was remotely disabled by U.S. manufacturer John Deere.

While these vulnerabilities affect all smart vehicles, Chinese EVs are receiving heightened scrutiny due to escalating geopolitical friction—particularly between China and the United States.

The central concern is that Chinese vehicles operating abroad may serve as tools for state surveillance. Officials and analysts warn that the vast streams of data sent back to China could be mined not just for individual intelligence but also for broader insights into traffic flows, logistical patterns, and even national infrastructure. This data could theoretically be used to train military-grade AI or inform strategic operations.

The worry is not merely hypothetical. Under China’s National Intelligence Law, domestic companies can be compelled to cooperate with state intelligence agencies. This creates a legal framework in which data from Chinese-made vehicles could be requisitioned by the government.

In May 2024, U.S. Commerce Secretary Gina Raimondo underscored the threat, saying, “You can imagine the most catastrophic outcome theoretically if you had a couple million cars on the road and the software were disabled.”

Ironically, China itself has imposed restrictions on Tesla vehicles entering sensitive locations within its own borders, citing data security concerns. The move reflects Beijing’s own understanding of the risks involved in connected vehicles.

It’s not just the cars themselves that raise red flags. Experts point to specific components—especially cellular IoT modules (CIMs)—as a major vulnerability. These tiny devices enable cars to connect to the internet, receive over-the-air software updates, and communicate with other systems.

China holds a dominant position in this space. By the end of 2022, Chinese firms accounted for 64% of global CIM sales, controlling around 75% of IoT connections worldwide. Companies like Quectel and Fibocom lead the market, prompting concerns about over-reliance on potentially compromised hardware.

British analyst Charles Parton has been vocal in warning that the only way to eliminate the security risk would be to “ban any Chinese module in any vehicle.” He and others argue that Chinese-made CIMs could theoretically be used to exfiltrate data or even disable vehicles remotely.

To date, there is no public evidence of such capabilities being used for espionage or sabotage. However, critics argue that the potential is too serious to ignore. Others caution that any proven misuse would come at great legal and reputational cost to the Chinese companies involved—costs that may serve as a deterrent.

As Western regulators and security agencies take a harder look at Chinese involvement in automotive technology, the industry finds itself at the intersection of innovation and international tension. The promise of a connected driving experience is shadowed by fears that every data point could become part of a broader strategic contest.

With both sides alert to the risks, and no sign of geopolitical tensions easing, the debate over Chinese-connected cars is unlikely to fade from the headlines anytime soon.