Cybersecurity on Wheels: ASIO Issues Security Warning Over ‘Smart’ Cars on Australian Roads
Motoring and TECH/POSTED 06 JUNE,2026
Canberra — Australia’s premier domestic intelligence agency has issued an explicit warning to federal politicians and public servants, advising them against discussing confidential or classified information inside modern internet-connected vehicles due to an escalating threat of electronic eavesdropping and data exploitation.
Testifying before Senate Estimates, ASIO Deputy Director-General Lisa Alonso Love cautioned that the exponential growth of “smart” vehicles has introduced complex data-gathering pipelines that can be weaponized by malicious actors or foreign intelligence services.
“Obviously, a connected car may have other vectors to gather that information, but those conversations should only ever happen in places that are set up for classified conversations,” Ms. Alonso Love stated. “People should be conscious of the things that they are discussing in vehicles, knowing that people may be able to get that information.”
Computers with Microphones
The intelligence warning sheds light on a major structural transformation within the domestic automotive market. Once viewed as isolated mechanical transport, modern vehicles have effectively evolved into highly sophisticated mobile computer networks equipped with persistent internet connectivity, biometric sensors, cabin cameras, and high-definition microphones.
According to data compiled by global consultancy McKinsey, roughly 50% of vehicles operating on Australian roads were linked to the internet by 2021.
Fleet projections indicate that by 2035, internet-connected vehicles will account for 95% of all cars in Australia.
The volume of information harvested by these systems is immense.
Cybersecurity analysts note that integrated vehicle sensors can generate between 1 and 2 terabytes of raw data every single day per vehicle.
“This includes real-time telemetry, location mapping, driving behaviors, cabin audio, and deep data synced directly from occupants’ smartphones via Bluetooth or USB connections—such as contact lists, private text messages, and calendar appointments.”
Industry-Wide Data Tracking
While the influx of highly automated vehicles has drawn heightened scrutiny regarding state-backed espionage risks, consumer advocacy research highlights that invasive data-harvesting practices are a standard operational framework across the global automotive sector.
An extensive automotive privacy investigation conducted by consumer group CHOICE revealed that nearly all major vehicle manufacturers operating in Australia collect extensive driver data and routinely share it with external entities.
| Manufacturer | Disclosed Data Practices (CHOICE Investigation) |
| Kia & Hyundai | Collect and share driver voice recognition data with third parties. |
| Tesla | Records and shares short video clips and audio logs captured by internal cabin cameras. |
| Toyota | Tracks precise vehicle coordinates, alongside acceleration, braking, and cornering habits; policy allows sharing with third parties like debt collectors or insurers. |
“Most people haven’t fully ingested how many data points are being collected in a vehicle,” said Montii Abid, a cybersecurity researcher at the University of Technology Sydney (UTS). “The tech has moved away from being something simple to being a computer with a microphone, cameras, personal data, everything.”
“Where is that data going after these companies get it, and what’s it being utilized for?“
— Jarni Blakkarly, CHOICE Journalist
Australia’s Regulatory Deficit
Legal and technical experts argue that Australia’s existing legislative architecture is deeply inadequate to deal with the rapid evolution of connected transport infrastructure. Unlike consumers in the European Union, who are protected by stringent opt-out requirements and mandatory clear-consent frameworks via the General Data Protection Regulation (GDPR), Australian consumers operate under significantly weaker protections.
Domestic digital privacy is still governed by the decades-old Privacy Act of 1988, which lacks explicit provisions for automated, en masse vehicular data collection.
Because vehicles are overwhelmingly manufactured overseas, user and passenger data is routinely processed and stored in foreign server farms, effectively placing the information outside the jurisdiction of Australian privacy watchdogs. Furthermore, under current commercial frameworks, consumers are given an ultimatum: accept the total collection and third-party transmission of their personal data, or face the complete deactivation of the vehicle’s core safety and navigation features.
The loophole poses an immediate risk to passengers, such as rideshare or taxi users, who enter these data-harvesting environments without ever giving explicit consent or signing a manufacturer privacy waiver. As connected fleets expand, security agencies and consumer groups alike are calling for an immediate overhaul of domestic digital transport laws to establish mandatory clear boundaries on vehicular data retention.
