Why Modern Cars Are a Security Liability — And What I’m Buying Instead

May 13, 2026 Axel Segebrecht #Privacy and Trust #Privacy #Surveillance #Data Protection #IoT Security #Technical Sovereignty #Governance #Digital Hygiene #Cybersecurity #Data Minimisation

A driver behind the wheel of a modern car, hands on the steering wheel — extending trust to a vehicle increasingly governed by someone else’s software

Modern cars are full of features I genuinely love. They’re also full of security risks I can no longer ignore.

Let me start with the case for the modern car, because there is one and it’s strong.

When I drove the very first generation Nissan Leaf, it felt like a glimpse of the future. I could pre-heat the cabin from my phone before walking out the door on a cold January morning. I could check from a meeting room that I’d actually locked it. I could find it in a multi-storey car park whose floor I’d forgotten. A modern EV adds adaptive cruise control that holds a safe distance on the motorway, blind-spot monitoring that quietly nudges you when there’s a cyclist alongside, 360-degree cameras that turn parallel parking into a non-event, lane-keep assist that catches the moments your concentration didn’t, and the warming and cooling pleasures of heated and ventilated seats.

These are real improvements. I’m not nostalgic for crank windows and the satnav living on a CD-ROM. The features modern cars deliver are worth wanting.

The problem is the architecture they’re built on.

How we got here

The short answer is touchscreens.

Modern cars are stuffed with screens because screens are cheap. A single touchscreen replaces dozens of physical buttons, switches, dials and bespoke control boards. Manufacturers love this — it cuts the bill of materials, lets them ship a single hardware platform and segment the market with software flags, and gives them a permanent relationship with the owner through the in-car modem.

But the same trade-off that makes touchscreens cheap makes your car fragile. On a Polestar, there are no analogue dials — if the digital cockpit fails, you literally can’t see your own speed. You’re being asked to bet your car’s drivability on a consumer-grade display panel.

And once the car is software-defined, everything about it sits in the manufacturer’s gift. Features can be added, removed, upsold, paywalled or simply switched off — for years after you bought the thing. From the manufacturer’s perspective, that isn’t a bug. It’s the entire point.

You’re not just losing features — you’re paying a security tax

Here’s where it stops being an inconvenience and starts being a risk.

The more connected technology you have in a car, the bigger its attack surface — the number of places where something can be exploited. Security researchers have demonstrated remote car hijacks for over a decade. The 2015 Jeep Cherokee hack, in which Charlie Miller and Chris Valasek took control of a journalist’s car on the motorway from a sofa, was a wake-up call the industry largely ignored. Cars have only become more connected since.

The threat model isn’t just dramatic remote takeovers, though those exist. It’s the more boring, more lucrative things:

Data harvesting. Modern cars phone home with your location, your driving style, your braking behaviour, and your phone contacts the moment you pair a handset. That data is routinely sold on, sometimes to insurance companies, often without meaningful consent.
Stalking and coercive control. Connected-car apps allow remote location tracking, remote unlocking, remote pre-conditioning, and in some cases remote summon. The account stays with whoever set it up — usually a single administrator per car. When a household relationship deteriorates, that becomes a tool of control. Domestic abuse charities and outlets including the New York Times have documented cases of abusers tracking, locking out, and pre-conditioning the cabins of partners who had no idea the access still existed. Manufacturer processes for severing that access are typically slow, opaque, and assume the survivor can prove ownership.
Ransomware. In June 2024, the CDK Global ransomware attack took roughly 15,000 US car dealerships offline for weeks — no sales, no servicing, no parts orders, no warranty work. That was a dealer-network attack, not a vehicle one, but it’s a preview of the architecture. The more your car depends on a manufacturer’s backend to navigate, charge, update or even start, the more an outage on that backend stops you from driving — even when nothing physical is wrong with the car. Researchers have already demonstrated proof-of-concept in-car ransomware. Fleet operators, rental companies and EV charging networks are the obvious next targets.
Bricking by accident. A failed over-the-air (OTA) update or an expired backend service can take your car partially or completely offline through nothing more sinister than ordinary software failure. The dealer’s answer is usually a new control unit at your expense.

The stalking and ransomware cases in particular deserve more attention than the industry has so far given them. Both share a structural cause: a car built around a single manufacturer-controlled account, with a single backend, and no realistic way for the owner to opt out and keep driving. The harm isn’t a bug in any one vendor’s product — it’s the architecture itself.

None of this is hypothetical. It is the standard operating model for the modern vehicle.

You bought it, but you don’t own it

Here’s the punchy version: your car can be downgraded after you buy it, and there’s very little you can do about it.

In April 2026, Nissan quietly switched off EV Connect, the feature that lets owners of older Leafs pre-condition the cabin, check whether the windows are shut, and remotely lock or locate the car. The justification? The onboard modem relied on 3G, and 3G networks are being sunset globally. Rather than offering an upgrade path or a workaround, Nissan binned the feature entirely. Anyone who paid extra for it just had their car quietly devalued.

This isn’t a one-off.

In May 2025, Honda did the same thing to Acura owners, killing the AcuraLink connected services for vehicles whose modems were no longer supported. BMW spent a chunk of 2022 trying to charge owners around $18 a month to unlock heated seats — heated seats that were already physically installed in the car. They back-pedalled after the backlash, but only after testing how much consumers would tolerate.

Tesla has been caught locking range over the air. In one widely reported case, a Model S owner went in for a routine service appointment and came out with 80 miles of range hidden behind a paywall. Mercedes-Benz, meanwhile, has been quite open about charging around $60 a month for better acceleration in their EQ models — acceleration the car is fully capable of, but which is held back by software.

Polestar shipped cars with all the hardware needed for adaptive cruise control as standard, then locked the functionality behind a “Pilot Plus” package. Enterprising owners have hacked it back on themselves, which is its own kind of statement.

The wider movement working on this is called right to repair — the principle that if you’ve bought a thing, you should be able to keep it working, fix it, and decide what runs on it. Modern cars are arguably its sharpest test case. When you hand over £30,000 or £60,000 for a car, what exactly are you buying — a vehicle, or a years-long licence the manufacturer can revoke, throttle or upcharge at will?

The 3G problem — and what comes next

Nissan’s EV Connect didn’t die because the team got bored of supporting it. It died because mobile operators are turning off 3G networks to free up spectrum for 4G and 5G. UK 3G shutdowns ran through 2024 and 2025. The US is already done. Most of the EU is well underway.

Your current car probably has a 4G modem. That’s fine — for now. But 5G is rolling out, 6G is being trialled, and 7G is on the long-term horizon. Each new generation eventually displaces the old. The modems and head units in your car aren’t user-upgradeable, and manufacturers are choosing not to make them so.

The question isn’t whether your car’s connected features will be cut off, but when. Anything sold today on a 4G modem is already on a clock.

The repair bill nobody mentions

There’s also the small matter of what the modern car costs you to keep on the road.

I’ll be honest: I was looking at a Polestar. Big touchscreen, fully digital cockpit, every modern driving aid. The car is genuinely lovely.

Then I started pricing the repairs.

A wing mirror with a blind-spot indicator and camera built in is a £500-£600 part before fitting. Rear sensors bumped in a supermarket car park need replacing and recalibrating — comfortably north of £1,000. A stone chip big enough to require a new windscreen, where that windscreen has heating elements and a forward-facing camera array embedded in it, can cost more than £1,000 by the time the cameras have been recalibrated by a specialist.

These aren’t worst-case figures. They are the normal cost of owning a car full of sensors. And it isn’t money you spend once; it’s money you might spend any year someone reverses into your bumper or a lorry kicks a pebble at your windscreen.

So I find myself doing what a lot of sensible people are quietly doing: looking backwards.

The Bottom Line

The modern car is a security liability dressed up as progress. It expands your attack surface, harvests your data, exposes you to remote takeover, ransomware and stalking, and can be quietly downgraded by the manufacturer long after you’ve paid. Its expensive sensors and screens are failure points sold to you as features.

You don’t have to buy into all of that. The second-hand market is full of properly engineered cars that will do everything you actually need, won’t phone home, won’t be bricked when a network sunsets, and can be modernised on your terms, not the manufacturer’s.

If you must buy new, buy with your eyes open: read the privacy policy, ask which generation of modem is fitted, and ask what happens when the manufacturer decides the connected features have reached “end of life.” If the salesperson can’t answer, that is the answer.

What’s Your Experience?

Have you had a feature in your car switched off, paywalled, or quietly downgraded after you bought it? Are you thinking about going backwards for your next car, or have you found a modern EV that doesn’t play these games? I’d genuinely love to hear about it. Leave a comment below or share your thoughts on social media.

If you’d like to talk this through — whether for yourself, or because the same pattern applies to the software your business depends on — hit the “Let’s talk” button and book a free explorative call.

Axel Segebrecht is founder and director of Be Braver Ltd, a UK-based technology consultancy specialising in digital sovereignty, self-hosted infrastructure, and FOSS migration for European businesses.

Photo by Bastian Pudill on Unsplash