UK defence firms warn staff against connecting phones to Chinese-made EVs amid espionage fears

But there is currently no hard ban on Chinese EVs operating near sensitive UK military installations

British defence firms working on sensitive government contracts have reportedly instructed staff not to connect mobile phones to Chinese-made electric vehicles (EVs).

The warning, first reported by The i newspaper, reflects mounting anxiety about the potential exploitation of connected vehicles for cyber-espionage by foreign adversaries.

While mobile phones and computers have long been targeted by cyber spies, experts say today's electric cars, with their suite of sophisticated sensors, connectivity features, and data-sharing capabilities, represent a new frontier in intelligence vulnerabilities.

Rafe Pilling, director of threat intelligence at cybersecurity firm Secureworks, says EVs, particularly those manufactured in China, pose unique risks.

"A modern vehicle that has over the air update capabilities – which is crawling with computers, various radios, Lidar sensors and external cameras – could well be repurposed as a surveillance platform," Pilling told The Guardian.

Chinese car manufacturers such as BYD and XPeng are key players in the global EV market. Their vehicles are increasingly popular in Europe and the UK. However, China's 2017 National Intelligence Law, which obliges citizens and organisations to support state intelligence efforts, raises red flags about how data from these cars might be accessed or misused by Beijing.

"There are lots of opportunities to collect data, and therefore lots of opportunities to compromise a vehicle like that," says Pilling, warning that even a simple Bluetooth pairing between a mobile device and a car could provide a backdoor for data exfiltration.

The warnings appear to be especially targeted at those working within the UK's defence and high-tech sectors.

Joseph Jarnecki, a research fellow at the Royal United Services Institute (RUSI), cautions that professionals in sensitive positions, such as engineers working on next-generation fighter aircraft, should avoid connecting work phones to personal EVs, especially if those cars are made in China.

Nate Drier, a tech lead at cybersecurity company Sophos, notes that many users willingly grant trust permissions when connecting their phones to car systems to access features like music streaming or navigation, often without considering the security implications.

"I would assume most people are allowing that connection to happen so they can have all the benefits of the features on that phone," he said.

The risk isn't limited to personal cars either. Hire cars are also in the spotlight.

It's generally a bad idea to sync your phone with a vehicle that isn't yours, Pilling warns, adding that one can leave behind contacts, call logs and other data.

"Most people forget to wipe this after they leave a hire car," he added.

Despite the concerns, there is currently no hard ban on Chinese-made EVs operating near sensitive UK military installations.

Speaking in Parliament last month, defence minister Lord Coaker said the Ministry of Defence is working across departments to "understand and mitigate" national security threats posed by all types of vehicles.

While there are no "centrally mandated policy restrictions" on Chinese EVs, Coaker acknowledged that individual defence organisations may impose stricter access rules.

Chinese automaker XPeng responded to the concerns by reaffirming its commitment to privacy compliance.

"XPeng is committed to continuously adhering to and complying with applicable UK and EU privacy laws and regulations," a spokesperson said.

The Society of Motor Manufacturers and Traders (SMMT), which represents UK carmakers, also defended industry standards.

"All manufacturers with cars on sale in the UK must adhere to relevant regulations on data privacy, and EVs are no different," the group said in a statement.

It added that vehicle owners can manage and remove paired device data according to manufacturer instructions.