Are Our Cars Spying On Us? The Truth Is More Ordinary, And More Alarming
There was a time when the family car was one of the last private spaces left in modern life. It was where couples argued, teenagers confessed, parents took work calls, and politicians, executives and public servants squeezed in conversations between meetings. The car was movement, convenience and privacy all in one.
That assumption is now looking increasingly outdated.
Australia’s spy agency has warned politicians and public servants not to discuss sensitive or classified information inside vehicles. The advice was not limited to Chinese electric cars. It was not limited to electric vehicles at all. The warning applied to any vehicle, connected or otherwise, with an added note that connected cars introduce extra risks because of the way they collect, store and transmit data.
That distinction matters. The public debate will inevitably be dragged towards geopolitics, particularly after Chinese-made electric vehicles were added to the list of taxpayer-funded cars available to federal politicians. But treating this as a China-only story misses the larger and more uncomfortable truth. The modern car, regardless of badge, battery or country of origin, is no longer just a vehicle. It is a rolling computer, a sensor network, a data broker, a microphone, a GPS tracker and a smartphone accessory on wheels.
The question is not whether your car is deliberately spying on you in the cinematic sense. The more useful question is whether it is collecting enough information about you that, in the wrong hands, it could become a surveillance tool. The answer is clearly yes.
A connected car can be connected through an embedded SIM card, an inbuilt modem, a paired phone, Bluetooth, USB, Wi-Fi, an app or a cloud service. That connectivity powers features many drivers now expect, such as live traffic, remote unlocking, software updates, emergency assistance, voice commands, diagnostics, driver alerts and infotainment services.
The problem is that convenience is rarely free. When a car can communicate with the outside world, it can also send information out of the vehicle. That information can include where you have been, where you are going, who you called, what contacts are stored on your phone, what messages passed through the infotainment system, how fast you drove, how hard you braked, what route you took, what you searched for, what your voice assistant heard, and sometimes what cameras or microphones inside and outside the vehicle captured.
For most people, that sounds invasive but abstract. After all, who would care about your trip to the supermarket, your school run, or your weekend drive to the coast?
That is the wrong way to think about privacy. The danger is not always one dramatic secret. It is the pattern. Location data can reveal where you live, where you work, where your children go to school, which medical clinics you visit, which religious or political events you attend, who you meet, and how predictable your routines are. A single trip may mean nothing. A year of trips can become a map of your life.
For politicians, senior public servants, journalists, lawyers, business leaders, activists and defence contractors, the risk is obvious. A connected car could reveal meetings, habits, associations or movements that were never meant to be public. For the rest of us, the risk is more everyday but no less real. Data can be hacked, leaked, sold, subpoenaed, misused by insiders, shared with third parties, analysed by insurers, accessed through poorly secured apps, or left behind when a car is sold or returned as a rental.
The unsettling part is how little control drivers often have. When you pair your phone with a vehicle, you may be giving the car access to contacts, call logs, messages and other personal information. When you use a manufacturer’s app, you may be creating another account, another password, another location trail and another company with access to your habits. When you accept a privacy policy at the dealership or inside an app, you may be consenting to data practices you have not meaningfully read and could not realistically negotiate.
This is the privacy bargain of the smart device era, now parked in the driveway.
The car industry is also different from the phone industry in one important respect. People have slowly learned to think of their phones as security-sensitive devices. They lock them, update them, install banking apps carefully and worry about scams. Far fewer people think of their car the same way. Yet a modern vehicle can hold deeply personal data and may remain in use for ten, fifteen or twenty years, passing through owners, dealers, service centres, insurers, mechanics, rental fleets and cloud platforms.
That longevity creates another problem. A phone that no longer receives security updates is usually replaced. A car that no longer receives software support may stay on the road for years. If manufacturers do not clearly disclose how long connected systems will be supported, consumers may be left driving unsupported technology long after the marketing gloss has faded.
So what should drivers do?
First, stop treating the car as a private room. For ordinary conversations, this may feel excessive. For sensitive work discussions, legal matters, commercial negotiations, medical details or anything confidential, it is sensible. The safest conversation is still the one that does not happen in a potentially monitored environment.
Second, be careful what you connect. Do not automatically pair every phone to every vehicle. Avoid syncing contacts and messages unless you genuinely need that function. In rental cars, hire cars and borrowed vehicles, avoid pairing your phone at all where possible. If you must connect, delete your profile before returning the car.
Third, go through the privacy settings. Many vehicles have options to disable data sharing, smart driver reports, location services, behavioural analytics or personalised advertising. These settings are often buried, but they matter. The default setting is rarely designed for maximum privacy.
Fourth, keep the vehicle software and associated apps updated. Updates are not only about new features. They may fix vulnerabilities that could be exploited. Use strong, unique passwords on car apps, enable multi-factor authentication where available, and be cautious about sharing app access with family members, staff or third-party services.
Fifth, before selling or trading in a car, factory reset the infotainment system and remove all paired devices, navigation history, garage door codes, addresses and user profiles. A modern car should be wiped like a phone before disposal.
Sixth, ask better questions before buying. What data does the car collect? Where is it stored? Can you opt out? Will opting out disable core features? How long will security updates be provided? Is data shared with insurers, advertisers, analytics firms, law enforcement or overseas entities? If the salesperson cannot answer, that itself is useful information.
For government, the bar should be much higher. Public sector fleets should not be selected only on price, emissions and availability. Connected vehicle procurement should include cyber risk assessments, data residency questions, software support obligations, phone pairing restrictions, incident response requirements and clear rules for classified or sensitive discussions. If an official phone is not allowed in a secure meeting room, it should not be casually synced to a vehicle that sends data offshore.
This does not mean we should panic or reject every connected feature. Connected vehicles can improve safety, maintenance, navigation and accessibility. Emergency call functions can save lives. Over-the-air updates can fix faults faster. Driver assistance systems can reduce accidents. The answer is not to pretend we can return to a fully analogue world.
But we do need to abandon the fiction that cars are still dumb machines. They are now part of the digital ecosystem, and they deserve the same scrutiny we apply to phones, laptops, smart speakers and home security cameras.
The ASIO warning should not be dismissed as paranoia. It is a belated acknowledgement of a reality consumers have been sleepwalking into for years. The most intimate technology in your life may not be the device in your pocket. It may be the one you sit inside, speak inside, charge your phone inside, navigate with, and trust to take you home.
Our cars may not be spying on us with intent. But they are listening, logging and transmitting more than most drivers realise. In cybersecurity, that difference is not nearly as comforting as it sounds.
Photo Credit: DepositPhotos.com