Australia's Cybersecurity Regulations Lag on Chinese-Made Cars
Severity: High (Score: 60.9)
Sources: Thewest.Au, Thenightly.Au
Keywords: australia, cars, behind, cybersecurity, years, warning, rules
Summary
Australia is facing significant cybersecurity risks from the increasing popularity of Chinese-made electric vehicles (EVs). An MP has highlighted that these internet-connected cars can collect sensitive data, which may be accessed by foreign intelligence services under the laws of the manufacturers' countries. The Australian Signals Directorate has issued warnings about the potential misuse of this data. Liberal MP Mary Aldred criticized the slow regulatory response, comparing it unfavorably to actions taken by the US against similar threats. She noted that Chinese EVs, such as those from BYD, have captured a substantial market share, with 8.3% of new car sales in April. Aldred emphasized the need for urgent regulatory reform to protect consumer and government data. The situation raises concerns about domestic violence, corporate espionage, and broader national security implications. The current government has not implemented restrictions similar to those placed on Huawei in 2018.

Key Points:
- Chinese-made EVs pose cybersecurity risks due to data collection capabilities.
- Australia's regulatory response is significantly lagging behind that of its security partners.
- Liberal MP Mary Aldred calls for urgent reforms to protect sensitive data from foreign access.
Detailed Analysis
**Impact** Australian consumers and government personnel using Chinese-made electric vehicles (EVs) are at risk due to potential unauthorized access to sensitive data, including audio/video recordings, call/message logs, location data, and biometric details such as weight and facial scans. BYD captured 8.3% of the new car market in April 2026, with its Sealion 7 model ranking seventh in sales, indicating significant market penetration. The broader automotive sector is affected as 93% of new vehicles sold in Australia within five years are expected to be internet-connected, increasing exposure across private and public sectors nationwide. Potential consequences include domestic privacy violations, corporate espionage, and national security risks.

**Technical Details** The threat vector involves internet-connected vehicles equipped with GPS, Bluetooth/USB connectivity, remote smartphone control, and advanced infotainment systems capable of collecting extensive personal and operational data. Chinese manufacturers may be compelled under their national laws to provide data access to foreign intelligence services. No specific malware, CVEs, or infrastructure details are provided in the articles. The threat is primarily at the data collection and exfiltration stages of the kill chain. No IOCs are mentioned.

**Recommended Response** Defenders should prioritize regulatory updates to explicitly include connected vehicles under the Privacy Act and Cyber Security Act. Monitoring for unauthorized data transmissions from vehicles and enforcing strict data minimization and retention policies with manufacturers are critical. Agencies should track developments from the Australian Information Commissioner’s investigations into data practices by automotive companies. In the absence of specific technical mitigations, organizations should monitor network traffic from connected vehicles and review access controls on vehicle data interfaces.
Source articles (2)
- Warning that Australia's rules on cars and cybersecurity lags behind our security partners — Thenightly.Au · 2026-05-20
  Australia is years behind in dealing with the cybersecurity risks from Chinese-made cars as they become some of the country’s most popular vehicles, an MP has warned. Australia is years behind in deal…
- Warning that Australia's rules on cars and cybersecurity lags behind our security partners — Thewest.Au · 2026-05-20
  Australia is years behind in dealing with the cybersecurity risks from Chinese-made cars as they become some of the country’s most popular vehicles, an MP has warned. Internet-connected cars can colle…
Timeline
- 2026-05-20 — MP warns about cybersecurity risks from Chinese EVs: Liberal MP Mary Aldred highlighted the risks posed by Chinese-made cars, which are increasingly popular in Australia.
- 2026-05-20 — Australian Signals Directorate issues warning: The ASD warned that data collected by internet-connected cars could be exploited by foreign intelligence services.
- 2026-05-20 — BYD becomes second-highest selling car brand in Australia: Chinese EV maker BYD captured 8.3% of Australia's new car market in April, raising security concerns.
Related entities
- Australia (Country)
- Japan (Country)
- South Korea (Country)
- CWE-200 - Exposure of Sensitive Information (CWE)