Privacy and security incidents in smart cars occur frequently. Who will protect user privacy and security?

2024-08-26

Recently, a user of a smart car brand posted on social media that, while renting one of the brand's smart cars, he found that the in-car camera was prone to recording accidentally, yet he did not have permission to view and delete the photos. Although the brand's staff said that the photos had been manually deleted at the user's request after the car was returned, the user is still deeply worried, and his privacy is still at risk of being leaked. This incident is a microcosm of the frequent privacy and security incidents involving smart cars in recent years.

With the in-depth development of intelligent connected technology, the networked functions of automobiles are becoming increasingly rich. While this brings users unprecedented convenience, the risk of user privacy leakage has increased significantly, which not only threatens consumers' privacy and security but also poses new challenges for the automotive industry in raising the level of user privacy protection. According to incomplete statistics, since 2020 there have been more than 2.8 million malicious data attacks on related companies in China, such as vehicle manufacturers and Internet of Vehicles information service providers. Since 2023, there have been more than 20 data leakage incidents related to automobile companies in China.

To respond effectively to the industry's technical challenges in privacy protection for intelligent connected vehicles and to help protect user privacy and security, China Automotive Evaluation and Research, acting on its mission as the "national team of automobile evaluation", consulted widely with industry experts to carry out research and experimental verification of a privacy protection evaluation system. In June 2024, it released the world's first privacy protection evaluation system for intelligent connected vehicles, making it an important part of the 2024 version of the China Intelligent Connected Vehicle Technical Specification (C-ICAP), officially implemented in July.

It is understood that the 2024 version of the C-ICAP privacy protection evaluation rules builds a privacy protection evaluation system along two dimensions: network communication protection (anti-intrusion and tampering) and personal information protection (anti-peeping and theft).

Specifically, network communication protection has two indicators: basic security protection and attack defense protection. Basic security protection verifies the effectiveness of network communication security measures from the defensive side. It covers two data transmission channels (vehicle WiFi and vehicle Bluetooth) and three vehicle unlocking methods (radio frequency key, NFC key, and mobile phone APP unlocking), evaluating them for security vulnerabilities, common risk items, and so on. Attack defense protection verifies the effectiveness of those measures from the opposite direction, by simulating attackers' ideas, methods and paths. It covers components or modules that are frequent targets of network attack incidents, such as the CAN bus, vehicle IVI, and V2X, and uses two technical means for evaluation: real network attacks and simulated network attacks.

Personal information protection evaluates both vehicle-side and mobile-side personal information protection. The vehicle-side evaluation focuses on the processing strategies and processes for sensitive personal information and general personal information on the vehicle, such as information collection authorization, collection prompts, access authorization, data deletion, and transmission encryption. The mobile-side evaluation focuses on personal information protection in mobile car control apps, such as whether there is excessive information collection.

In the wave of automobile intelligence, user privacy and security are the bottom line that automobile companies must hold and the red line that cannot be crossed. As the "national team of automobile evaluation", China Automotive Evaluation has taken the initiative to promote the innovation and upgrading of regulations. It has introduced a privacy protection unit for the first time in the 2024 version of C-ICAP, turning the privacy protection level of intelligent connected cars, which is difficult for users to perceive intuitively, into a specific and quantifiable evaluation system. This will not only give automobile companies clear guidance for improving the privacy protection design of intelligent connected cars, but also give consumers professional and objective evaluation results that help them identify the privacy and security risks of intelligent cars. It is expected that the in-depth implementation of the 2024 version of C-ICAP will push the technical level of user privacy protection in intelligent connected cars to a new level, realize all-round protection of user privacy, and let consumers truly enjoy the convenience and fun brought by automobile intelligence.