Connected Cars are Driving New Cyber Risks

    May 15, 2025
    As vehicles become internet-connected, they face the same data breach risks as computers and smartphones.
    Credit: mikkelwilliam
    Awareness of the data risks associated with connected cars is the most important step toward minimizing your exposure.
    Awareness of the data risks associated with connected cars is the most important step toward minimizing your exposure.

    The Skinny

    • From Data to Damage: Connected vehicles collect vast amounts of unregulated personal data and can be exploited for theft, surveillance, or even weaponization.

     

    • Protective Measures: Awareness, smart purchasing decisions, and simple cybersecurity tools are essential for reducing exposure in an increasingly digital driving experience.

     

    • Driving Into Danger: As cars become more connected and autonomous, they introduce serious cyber vulnerabilities—some with real-world physical consequences.

    Modern automobiles don’t just get you where you’re going; they also collect data, connect to networks, and, in some cases, drive themselves. But as vehicles become more digitized, they also become more vulnerable. Unlike a compromised smartphone or hacked email, a breach in automotive cybersecurity can bring direct physical risks.

    The Rise of the Digitized Car

    Cars are increasingly incorporating digital technologies into their design. Research estimates that by 2030, 96% of new cars will be connected to the internet and other services. Even critical functions such as braking and steering are becoming connected features. These connected cars are often touted as increasing control, visibility and the user experience.

    However, as Global Guardian’s Worldwide Threat Assessment explores, these benefits come paired with increased data collection that is largely unregulated. Information on your location or driving patterns can be stored in the vehicle’s computer. Additionally, connecting your phone to a car’s touch screen can give the car access to your phone’s data. This data can help the car improve its performance or offer additional digital features, but it also opens new channels for sabotage and cybercrime.

    A New Kind of Vulnerability

    As cars join the ranks of internet-connected devices, they face the same data breach risks as your computer or cell phone. But the stakes are even higher.

    Car owners face considerable digital risk, and the necessary safeguards are slow to come. For instance, RFID scanners give thieves the ability to digitally hijack cars that no longer require a key to enter or start. Hackers can also now use your vehicle to access sensitive information, such as your location or data from a connected phone. Robust data protection plans are still needed to protect car owners’ data and privacy.

    Worse, modern cars can pose serious physical threats. A state or non-state actor could remotely operate cars to turn them into ramming weapons, cause hundreds of simultaneous lithium fires or overload the draw on EV charging stations to crash the grid. Ransomware attacks could lock down the brakes, forcing those in the car to pay their ransom to access them and slow the vehicle. These scenarios may sound dramatic, but the technology to execute them already exists.

    Car owners face considerable digital risk, and the necessary safeguards are slow to come. For instance, RFID scanners give thieves the ability to digitally hijack cars that no longer require a key to enter or start.

    It’s not just opportunistic hackers. While no known incidents have been reported, connected cars create the potential for exploitation by nation-state actors. China and Russia have a long history of penetrating critical infrastructure within the U.S. and Europe. The risk of adversarial great powers exploiting the vulnerabilities of connected cars for espionage or sabotage is growing, along with our increasing acceptance of these vehicles.

    Shoring Up Your Defenses

    Awareness of the data risks associated with connected cars is the most important step toward minimizing your exposure. Many consumers don’t consider their cars as potential vulnerabilities for cyberattacks, any more than they think of their internet-enabled fridge as a risk; however, this mindset must change. Even simple precautions like a USB data blocker can protect your data from malicious actors.

    Researching the manufacturer’s data policies before purchasing a new car is a must. Companies such as Mozilla offer analysis of tests on data permissions and capabilities that can inform buyers of the risks. Understanding what data they collect, how they use it and how secure their servers are should become a standard part of the car-selection process. Questions to ask before purchasing a car include how the company encrypts data, how long they have historically taken to fix discovered vulnerabilities, what connectivity features can be turned off or what third-party security apps you could download. While an older, less connected car is the safest choice from a cybersecurity standpoint, taking precautionary measures can mitigate some of the risks. 

    Living in an Interconnected World

    The threats facing connected cars reflect a much larger issue in our interconnected, digitally-driven world. The more digital connections we build into our lives for the sake of convenience or customization, the more opportunities there are for nefarious actors to use those connections for their purposes. Working with a trusted security partner to identify and mitigate physical or digital security risks can help car owners navigate our rapidly evolving world.

    The digital road holds enormous promise. But we are already seeing the early warning signs of cracks in the cybersecurity protections. We must take note and create more robust safeguards to protect ourselves while encouraging progress.

     

    About the Author

    Joe Chafetz | Intelligence Analyst at Global Guardian

    Joe Chafetz is an Intelligence Analyst at Global Guardian, a global security firm based in McLean, Virginia, that provides its clients with access to a comprehensive suite of duty-of-care services.

    Joe is an accomplished Open-Source Intelligence (OSINT) Analyst who specializes in convergent threats, interstate conflict, and predictive intelligence. Throughout his career, Joe has crafted detailed, data-driven intelligence products, utilizing his expertise in both qualitative and quantitative analysis to deliver actionable insights.

    Joe currently serves as an Intelligence Analyst at Global Guardian, with a particular focus on Sub-Saharan Africa and Eurasia. He is responsible for producing high-level reports on geopolitical trends and delivering customized intel products and services for a global client base.

    Previously, Joe worked as an OSINT Researcher & Analyst for the Cameroon Anglophone Crisis Database of Atrocities, where he employed geolocation and web scraping techniques to analyze human rights abuses. His efforts helped produce timely reports, despite limited on-the-ground sources. In addition to his intelligence career, Joe has experience in media production, having served as Executive Producer for World Radio Paris, where he produced content in both English and French for over 250,000 listeners.

    Joe holds a Master’s degree in Conflict, Security, and Development from the University of Exeter and a Bachelor’s degree in Philosophy, Politics, and Economics from the American University of Paris.