Connected Cars Are Rolling Spy Networks — And They Can Be Hacked

In this special edition of Cybersecurity Today, host David Shipley dives deep into the growing threat of connected cars as rolling spy networks, featuring insights from Neil Bison, a retired Canadian intelligence officer, and Federico Simonetti, CTO of XSED Corporation and ethical hacker. The conversation reveals that modern vehicles—both electric and internal combustion—are essentially moving clusters of interconnected computers, constantly transmitting data via GPS, sensors, cameras, microphones, and cloud services. These systems, while offering convenience, create massive attack surfaces vulnerable to foreign adversaries who can exploit them for surveillance, profiling, and even physical manipulation. The panel discusses real-world hacks like the 2015 Tesla and Jeep Cherokee incidents, where hackers remotely controlled steering, brakes, and entertainment systems. They highlight that current security models lack mutual authentication and are often one-way, making man-in-the-middle attacks trivial. Despite the availability of software-based solutions like mobile target defense and end-to-end encryption, the core issue remains political: there are no enforceable cybersecurity laws for vehicles in Canada, and consumer demand for cheap EVs often overrides national security concerns. The guests propose bold policy solutions: a hardware kill switch to disable connectivity, a 'connected car bill of rights' for transparency and long-term software support, and national-level audit systems. They emphasize prevention over detection, warning that the world must shift from resignation to proactive defense before catastrophic breaches occur.