SPARCS - Topic Of The Week

Hands-Free, But Not Risk-Free

The privacy risks of connecting your phone to your owned car or rental

Modern cars, especially those made in the last five years, are like smartphones on wheels. With built-in Wi-Fi, Bluetooth, and internet-connected features, they offer conveniences like streaming music, hands-free calling, real-time traffic updates, and more. But these same features also collect massive amounts of personal data, from driving habits and locations to contacts and messages.

However, that data can end up in unexpected hands. General Motors, for example, was penalized in 2024 for allegedly selling customer driving data collected via its Smart Driver program. Additionally, a Consumer Reports investigation found that nearly all automakers collect and share similar “driver behavior data” with other companies, and continue to do so. In another case, a group of white hat hackers, that is, people who use their hacking skills with good intentions, uncovered vulnerabilities in SiriusXM® that could allow hackers to remotely find, unlock, start, honk the horn of, or flash the lights on certain car brands. 

By 2025, over 400 million connected cars are expected to be on the road. While hacking a car remains rare, connected vehicles often share your data with multiple companies, including insurers and marketers, potentially influencing rates or targeting you with ads.

But what is a connected car? A connected car has internet access and sensors that track everything: your speed, location, acceleration, engine status, and more. These features can be helpful, but they also pose privacy and security risks. Manufacturers can use your information to develop cool new features (a win for you), but they can also sell that connected car data to marketers, who might use it to target you with products based on their knowledge that you take long drives every week. Plus, internet-connected devices are vulnerable to hacks.

But not to worry: just as you should follow expert tips to stay safe online, here are some smart ways to protect yourself against car hacks:

  • Update your car’s software regularly to patch security vulnerabilities.
  • Secure your car Wi-Fi with a strong password to lessen the chance someone will crack your network, and use a VPN to encrypt your connection.
  • Unplug dongles when not in use. A dongle is a small device that can create a car Wi-Fi hotspot; while convenient, dongles can be entry points for hackers.
  • Turn off unused features like Wi-Fi or Bluetooth, as these wireless systems are vulnerable to hackers.
  • Stick to official apps from trusted manufacturers. Most connected car manufacturers have dedicated apps that let you remotely control your car, but there are also third-party apps that may lack proper security controls.
  • If you’re looking to buy a connected car, choose a car brand with a good privacy record and review its privacy policy.
  • If you're just running local errands, consider skipping the Wi-Fi connection altogether.

If syncing your phone to your own car raises privacy concerns, doing so in a rental car is even riskier. When you connect your device, whether via Bluetooth, USB, or Wi-Fi, the infotainment system often stores your personal data: contact lists, call logs, GPS locations, and more. And unless you delete it yourself, that information usually stays behind after you return the car.

A major breach at Avis exposed the sensitive data of over 300,000 customers, showing just how vulnerable the rental car industry can be. What’s worse, most rental companies don’t have clear policies, or automated tools, to erase data after each customer. If you’ve ever rented a car and seen other people’s devices still listed under Bluetooth settings, you’ve seen this firsthand.

This kind of leftover data can be accessed by future renters, rental company employees, and hackers or other third parties who access the system remotely. But most customers are unaware that syncing their mobile devices to these systems instantly grants permission to the companies to access their personal data. These policies are not always explicitly communicated during the rental process, leaving consumers to navigate the fine print of privacy policies they almost never read.

Even if identity theft isn’t the end goal, location data can still be misused. Knowing where you live, work, or routinely visit can help scammers craft targeted phishing attacks or impersonate you in emergency scams, like calling a loved one pretending you’ve been in an accident. This is a very common kind of attack, far more common than stealing your identity and trying to open a credit card.

And it’s not just Bluetooth. Plugging into the car’s USB ports can also trigger data syncing, so avoid charging through the vehicle’s system unless you're using a charge-only cable.

If I didn’t scare you, and you still want to enjoy your connectivity option while renting a car, here are some steps to take with data when returning a rental:

  • Unpair your phone from the car’s Wi-Fi and Bluetooth before returning it. Open the car’s infotainment system and navigate to the Bluetooth or Wi-Fi settings. Look for the list of paired devices and ensure you manually disconnect any that belong to you.
  • Erase navigation history and recent destinations. Go into the navigation settings on the car’s system and clear out your location history. This removes any saved destinations, routes, or recent searches that could reveal personal information such as your home or work address.
  • If available, perform a factory reset of the infotainment system.
  • Avoid plugging your phone into the car’s USB port.
  • Limit the data you allow the vehicle to access, just as you would with a new app on your phone; don’t allow it to store or access information without re-syncing to your phone.

If you are curious about how safe your car is, the Mozilla Foundation published an article in which they revealed how 25 major car brands collect and share deeply personal data, including sexual activity, facial expressions, and genetic and health information. 

Happy, and safe, driving!
