Imagine driving a car that knows your daily routine, can monitor nearby traffic and even call for help in an emergency. Sounds great, right? But what if that same car could also reveal your location to someone else or be remotely controlled by a foreign hacker?

The US government is now propose a ban on automotive software and hardware from China and Russia, focusing on connected vehicle components that could pose both security risks and privacy threats to U.S. drivers.

As the Department of Commerce explains, this proposed rule targets foreign-made vehicle connectivity systems (VCS) and automated driving systems (ADS), the very technologies that allow our cars to operate like “smart devices” on wheels.

These systems offer useful conveniences, such as GPS, emergency braking and automated lane keeping. But they also make vehicles vulnerable to cyberattacks that could allow hackers to remotely control critical systems, posing a threat both to individual drivers and to national security if exploited on a large scale.

Physical security versus physical security. Cybersecurity compromise

Modern vehicles are equipped with connectivity systems such as Wi-Fi, Bluetooth, cellular and satellite links. These technologies enable real-time updates, navigation, and even life-saving features like collision avoidance and automated braking, which make driving safer by helping drivers make crucial decisions.

Automated driving systems (ADS) take safety one step further by handling complex driving tasks such as adaptive cruise control, lane keeping and emergency braking. However, each connected feature also introduces what cybersecurity experts call “attack surfaces”—potential points through which hackers can gain access to the system.

Imagine if a a hacker exploited a vehicle’s connectivity to interfere with braking or acceleration. This is the kind of risk the U.S. government is seeking to mitigate by focusing on vehicle connectivity and ADS components from countries like China and Russia.

As explained in a press release According to the Bureau of Industry and Security, VCS or ADS components could theoretically allow these governments to monitor or disrupt U.S. roadways, a scenario with significant public safety implications.

Consumer Privacy: Your Car Knows More Than You Think

In addition to cyber risks, connected vehicles pose unique privacy challenges for consumers. These cars collect large amounts of data on driving habits, location history and even contact information when synced with smartphones.

As a digital forensics expert, I have seen first-hand the large amounts of data collected by connected vehicles. These systems, which manage everything from GPS navigation to music streaming to phone connectivity, constantly record details about drivers’ habits, their routes and even their personal communications.

When performing forensic analyzes on these systems, it is clear that they capture more than just “driving data”: smart car systems store call logs, text message data, location history and even Wi-Fi connections. This data can provide a complete picture of a person’s daily activities, preferences and even social interactions.

This data can be useful for personalizing the driving experience, but it also creates privacy vulnerabilities. When a connected car is resold, any remaining data could potentially be accessed by the new owner, as it often remains stored in cloud systems or in the vehicle’s internal systems.

Privacy advocates warn that if these systems rely on Chinese or Russian components, the data they collect could be accessible to foreign governments due to domestic data sharing requirements in those countries. This is why the United States is emphasizing “trusted” suppliers for these components, seeking to protect consumer data from unauthorized access.

We have accident safety ratings, but what about cybersecurity?

The proposed rule to restrict Chinese and Russian automotive technology in U.S. vehicles could bring significant changes for consumers, affecting both vehicle prices and available features. Manufacturers will likely face higher costs as they work to replace foreign-made components with alternatives that meet new compliance standards, an analysis of Foley and Lardner LLP. This adjustment could mean higher prices or, in some cases, the removal of some high-tech features to avoid potential vulnerabilities.

However, the implications of the proposal go beyond cost; This represents a shift in the way we think about vehicle safety. Until now, consumers have primarily relied on traditional crash safety ratings to evaluate a vehicle’s safety. This new regulation highlights the growing importance of cybersecurity and data privacy as central elements for overall vehicle security, especially as vehicles are increasingly connected to external networks.

ForbesYour car is spying on you and sharing data with third partiesBy Lars Daniel

As a result, car buyers may soon have to place as much importance on digital safety as they do on crash test ratings. When it comes to car selection, understanding how well the vehicle’s data systems are protected could become as important as knowing how it performs in a crash. This change highlights a future in which data protection will be an integral part of vehicle security, making it essential for consumers to consider both physical and digital protections.