MG Cyberattack concerns

Everest

Everest

Established Member
Joined
Nov 13, 2024
Messages
528
Reaction score
636
Points
200
Location
UK
Driving
Not an MG
Does anyone know on here what remote control the Chinese have over MG4's if you don't sign up for the iSmart connectivity option? I am guessing that the car may still send data to the Chinese (location, charging patterns etc.), but presumably not identified with an individual under GDPR regulations.

But, of more concern, is whether data can be sent in the other direction (from China to the MG4), which could be used to disable the car, or remove certain features?

This may sound far-fetched and some may think I'm being paranoid... but this type of attack has taken place by other Chinese manufacturers (not car related) to remotely disable their products in the USA.

Obviously, remotely disabling an MG could be useful to stop a car thief, bank robber, or a murderer on the run - or even disabling a stolen-and-not-recovered vehicle or a Cat-A / cat-b car that got repaired.

But remote access could be used maliciously by either the Chinese directly or by hackers to cause mayhem. Or more subtly to restrict areas cars are used in - e.g. what's to stop the Chinese from disabling all MG4 that were imported into the UK via other means than franchised dealers, for example.

Thoughts?
 
Last edited:
Well I know a few people (some friends) who would never buy a Chinese car for that reason, so there is a real suspicion out there for sure.
 
We have already seen an extreme example of what a Government can do with any product. Find out where a product is made and intercept it in transit then modify to your spec and ship on.

Too many things to worry about in the World and if you follow the, what is possible, you would probably live off grid and be self sufficient

www.bbc.co.uk

Hezbollah pagers and walkie-talkies: How did they explode and who did it?

The attacks left at least 32 dead and thousands injured, but how the blasts occurred remains unclear.
www.bbc.co.uk
 
Eve said:
Does anyone know on here what remote control the Chinese have over MG4's if you don't sign up for the iSmart connectivity option? I am guessing that the car may still send data to the Chinese (location, charging patterns etc.), but presumably not identified with an individual under GDPR regulations.

But, of more concern, is whether data can be sent in the other direction (from China to the MG4), which could be used to disable the car, or remove certain features?

This may sound far-fetched and some may think I'm being paranoid... but exactly this type of attack has just taken place over the weekend from one of the largest Chinese solar PV inverter manufacturers to remotely disable a large number of their inverters in the USA and possible in UK and Pakistan too. Details are still emerging, but it seems that inverters that were imported on the grey-market were targeted - see full details here (if you want to wade through the 4000+ postings, that is)
diysolarforum.com

CHINA kills all non Sol-Ark branded DEYE unit in the USA this morning.

Ethics-wise you are literally shutting down equipment homeowners paid for and depend on to fit some twisted business strategy. literally seeing dozens of people call me all morning, and I never even sold Deye EDIT 11/19/24 After this issue has turned out to be a strategy to disable and "brick"...
diysolarforum.com diysolarforum.com

If that can be done to an inverter, then presumably it could be done to a car too? Obviously, remotely disabling an MG could be useful to stop a car thief, bank robber, or a murderer on the run - or even disabling a stolen-and-not-recovered vehicle or a Cat-A / cat-b car that got repaired.

But remote access could be used maliciously by either the Chinese directly or by hackers to cause mayhem. Or more subtly to restrict areas cars are used in - e.g. like the grey-imported inverters; what's to stop the Chinese from disabling all MG4 that were imported into the UK via other means than franchised dealers, for example.

Thoughts?
Click to expand...
Doesn't just have to be a Chinese car it can also be Chinese components in cars, read an article and it was an Audi with some Chinese made computer components, it was on about pairing your phone and uploading your phone book to the car, people were ticking no but the car was still dumping their phones anyway and the info was being fed back to servers.
 
Last edited by a moderator:
If the OTA function is activated then MG can send any data it likes even bypassing any acceptance process. It's like remote access on computer. If your car is serviced by an MG dealer and results updated to the service records it may include your personal details or it can be obtained from DVLA.

Just don't use the car and you're safe. 🙂
 
Just because it is not used does not mean it does not exist. Hence my post starting with 'If'. It was included in the original publicity and I seem to remember somewhere on this forum a poster (from Thailand?) said they had an OTA update.
 
Yes logs from the car are sent & it is possible for them to send stuff to the car
The gateway in the car has a firewall & pin
When updates are applied the gateway firewall is turned off, this would make it harder for hackers
 
Hmmm... in which case does anyone know where the presumably 4G aerial is? Can it be unplugged or surrounded by a Faraday cage?
 
and should Keith Starmer do a deal with China, as he's on his way there apparently, if you own a Tesla, the US will shut down those cars and since they use OTA, all of your data is being siphoned off to servers in the US, maybe government servers. I would trust the Chinese FAR more than the Americans. Who has been bombing and starting conflicts over the last couple of decades? - not China, they've been quiety doing business in Africa and south America, far, far better long term outlook than dropping bombs and trying to force 'democracy' on people who have their own cultures. One reason I will never, ever by a Tesla is Elon Musk's deluded mind thi king he;s some sort of politician and trying to interfere in the politics of European countries.
 
Eve said:
Hmmm... in which case does anyone know where the presumably 4G aerial is? Can it be unplugged or surrounded by a Faraday cage?
Click to expand...
The radio aerial is the bottom two lines on the rear windscreen. No idea about the GPRS/mobile aerial.
 
Eve said:
Hmmm... in which case does anyone know where the presumably 4G aerial is? Can it be unplugged or surrounded by a Faraday cage?
Click to expand...
This is what the refit manual states:

Communication Antenna
The communication antenna is fitted on the instrument desk.

…no idea where this is though, but it does appear to be terminated in a plug;

1732039813602.png
 
It's possible, but unlikely, that every MG electric vehicle has a remote control kill switch somewhere in the circuitry linked to the data connection that hasn't yet been discovered. But what's the worst that can happen? Your car doesn't start one day. I'd worry more about MG running out of replacement parts during the warranty period and then trying to void warranties. That seems more likely.

Edit to say that Tesla already has this functionality built in, Musk has apparently remotely bricked at least one cybertruck deliberately... https://edition.cnn.com/2024/09/20/...rov-musk-tesla-cybertruck-disabled/index.html
 
We have enough to fear from our own governments to lose sleep over something like this. And big business is even worse. I highly doubt China’s government cares about any of us as much and as creepy as Meta or Google does. I haven’t had social media in over 5 years and use a VPN, and my wife still knows when I’ve been looking at tractors for sale online because Instagram recommends them to her in their ads… if it’s connected to the web, you have no privacy.

This of course is on a consumer level, I do agree with certain politicians and say heads of intelligence agencies etc. being told to think twice about what car they drive. Because I do believe China is interested in the political climate of other nations, but then again which government isn’t?
 
ReintjeWA said:
I haven’t had social media in over 5 years and use a VPN, and my wife still knows when I’ve been looking at tractors for sale online because Instagram recommends them to her in their ads
Click to expand...
(y) :) 🚜 hope you find a good one.

Diggsy said:
Communication Antenna
The communication antenna is fitted on the instrument desk.
Click to expand...
thanks... will have to see if I can find it one day.
 
You can disable all the radio/wireless connections but every time you plug into a charger there are some modules of the car that will communicate with the outside World.
 
Anon70 said:
You can disable all the radio/wireless connections but every time you plug into a charger there are some modules of the car that will communicate with the outside World.
Click to expand...
That's what, ideally, I'd like to avoid.
 
Ian Key said:
I guess you don't have a mobile phone so they don't know where you are or if you do you don't use Android Auto/Apple Carplay?
Click to expand...
I have an old mobile, but GPS is disabled. Would not pair it with the car or use any 3rd party apps. Sure I can still be tracked by the mobile operator, but that's unavoidable.
 

Similar threads

APMG
Taking receipt of my MG4 Trophy LR Friday - Queries, Questions, Concerns?
Replies
5
Views
533
Grriff
G
Noel
Why aren’t MG UK listening to our concerns
Replies
16
Views
1K
Lollipopman
Lollipopman
A
The remote control instruction failed error in iSmart app
Replies
2
Views
800
Astral
A
kiwi
Driver monitoring by MG and others
Replies
5
Views
574
kiwi
kiwi
D
Car Dead when using remote heating
Replies
11
Views
2K
Rolfe
Rolfe

Are you enjoying your MG4?

  • Yes

    Votes: 908 77.7%

  • I'm in the middle

    Votes: 171 14.6%

  • No

    Votes: 90 7.7%
See comments…
Support us by becoming a Premium Member

Latest MG EVs video

MG Hybrid+ EVs OVER-REVVING & more owner feedback
Published
Subscribe to our YouTube channel
Back
Top Bottom