The Cybernews team, together with security researcher Sam Curry and automotive hacker BusesCanFly, did an eye-opening experiment and revealed just how simple it can be for cybercriminals to remotely access, track, unlock, even start and stop, not only today’s connected cars, but ambulances, police vehicles, and large commercial fleets. The filmed experiment shows what modern vehicle hacking really looks like.
Today’s cars aren’t just machines, they’re smart and giant computers on wheels. Many drivers enjoy smart features such as advanced driver-assistance systems and apps that find their car or start their engine from a distance, but few realize these same features can be a reason for serious risks.
To show what modern car hacking actually looks like, the Cybernews team invited Sam Curry and BusesCanFly to demonstrate hacks in a controlled, ethical setting. Hackers, who have accessed well over 15 million vehicles in their careers, used live demonstrations to reveal how both hardware and software can be exploited. They proved that for things like that, you only need basic details, like a license plate number.
Results: live tracking, remote unlocking, and more
The video investigation showcased hackers using a custom-built app to track and unlock vehicles using just minimal data remotely. “We could get a full copy of someone’s location history in seconds, honk their horn, unlock their car, open their trunk, and view their cameras,” Curry, who learned the skills needed for car hacking from his career as a bug bounty hunter, shared.
Perhaps most alarming, Curry explained that the vulnerabilities weren’t limited to personal cars. “We've found ways to remotely track, unlock, lock, start, and stop pretty much everything from normal consumer cars to police vehicles, ambulances, and large commercial fleets like semi trucks, by targeting the backend telematics systems they all rely on.”
Far-reaching risks
Curry says that this isn’t just about individual car theft. The team found that as modern cars’ connectivity grows, hackers could exploit these weaknesses to cause broader harm. Whether tracking political opponents, intimidating critics, or disrupting emergency services.
“On the consumer side, this has a real impact, ranging from live and historical GPS tracking to remote commands, account takeovers, and access to sensitive customer data using things like VINs, license plates, emails, or basic personal details. On the commercial and government side, the same kinds of vulnerabilities gave fleet-level control over business vehicles, police cars, ambulances, and semi-trucks, including tracking and command execution at scale,” Curry says.
He explains that when you buy a car, you agree to share your data with a third party who then has your billing information, address, access to your car's radio, and much more. The manufacturer also gets your data when you sign up for an account, which ties to your car, and then your car kind of exists to collect as much data on you as possible.
According to Curry, if someone wanted to track a high-profile individual, it would be enough to hack the car company, allowing them to see the car's location remotely. “I am really a casual player. The governments that are hacking each other have all the same access, if not more.”
“Some companies will store years' worth of your location history, as we saw after hacking Subaru, where I was able to retrieve over two years' worth of 10-meter precise driving history of my mom's car knowing only her license plate, or email address, or phone number, or even just first and last name.”
What can everyone do to protect themselves? To protect yourself from car hacking, it's best to avoid signing up for any online features your car offers and decline free trial offers from manufacturers or third parties, as these can open doors for unauthorized remote access. The problem is that real protection will require industry-wide standards, quicker software updates, and better privacy rules.
“Manufacturers are all starting to understand that it's in everyone's shared interest to improve the security of these vehicles,” said Curry.
Unlock exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked