Connected cars harvest 2TB daily, ASIO warns of 'spy car' eavesdropping

For cybersecurity professionals, the connected car is the ultimate Internet of Things nightmare: a mobile sensor suite generating a firehose of data with minimal security controls and opaque data-sharing agreements. ASIO’s warning that conversations in vehicles can be intercepted shifts the conversation from theoretical risk to active threat intelligence. With Chinese electric vehicles now in government hands and investigations into Asian car brands’ data practices underway, security teams must treat corporate fleets and executive transport as potential exfiltration points.

Australia’s domestic intelligence agency, ASIO, has issued a stark warning to politicians and public servants: connected cars are potential espionage platforms capable of intercepting classified conversations. The warning, delivered by Deputy Director General Lisa Alonso Love during a Senate estimates hearing in May 2026, underscores a rapidly escalating threat landscape where modern vehicles—packed with microphones, cameras, and always-on internet connectivity—are harvesting vast troves of data that could be exploited by foreign states. Love’s admonition that sensitive discussions “should only ever happen in places that are set up for classified conversations” reflects an acknowledgment that vehicle-borne eavesdropping is no longer speculative but a tangible national security vulnerability.

“

McKinsey reported five years ago that roughly half of new cars sold in Australia were internet-connected, a figure projected to reach 95% by 2035.

The timing is particularly contentious. Despite ASIO’s caution and a looming US ban on Chinese connected-vehicle technology, the Australian government has for the first time added Chinese-made vehicles to the list of taxpayer-funded cars available to federal Members of Parliament for private use. Six BYD models and an MG now sit alongside traditional options, including the popular Sealion SUV and Shark plug-in hybrid ute. Critics argue this exposes a glaring disconnect between security advice and procurement policy, potentially placing elected officials at heightened risk of technical surveillance.

The scale of data generated by modern connected cars is staggering. McKinsey reported five years ago that roughly half of new cars sold in Australia were internet-connected, a figure projected to reach 95% by 2035. Each connected vehicle can generate between one and two terabytes of raw sensor data daily—everything from location and driving behavior to in-cabin audio and even biometric information. Consumer advocacy group Choice previously found that nearly every major car brand collects driver data and shares it with third parties. Tesla, KIA, and Hyundai were specifically cited for sharing biometric data; Tesla additionally records short video and audio clips that are transmitted off-vehicle. The Office of the Australian Information Commissioner confirmed in February 2026 that it was investigating two Asian car manufacturers—widely suspected to be Chinese—over their data practices, though Australia’s privacy laws lag far behind the technological curve.

The implications extend beyond individual privacy. For defense and intelligence agencies, connected cars represent a mobile surveillance threat that could capture conversations of military personnel, diplomats, and executives in transit. The geopolitical dimension is acute: the US Department of Commerce has signaled a ban on Chinese connected-vehicle technology, citing national security risks, yet Australia’s fleet choices appear to diverge. This dissonance may strain intelligence-sharing relationships within the Five Eyes alliance and highlights the challenge of securing supply chains in an era of pervasive connectivity.