Car hackers Could they cause breakdowns or worse

Car hacking sounds like the stuff of Hollywood movies. But, while unlikely at present, as modern vehicles harness CPUs and software to an ever-increasing degree, the risk of us having our cars hacked is sure to grow. Learn about automotive hacking risks, and what carmakers are doing to minimise them.

Gone are the days when a car was merely a piston-driven machine with four wheels and few brake cables. Today’s cars can have dozens of microprocessors, controlling everything from the infotainment system to how the engine functions.

For those microprocessors to work, the right, up-to-date software has to be installed, and wherever there is software, there’s a hacking risk.

In this article we’ll explore how hackers can target the modern car, potentially causing them to work in unexpected ways, to break down, or even to crash.

Car hacking: How does it happen?

Modern cars are increasingly computer-driven, and that trend shows no signs of changing anytime soon.

Infotainment systems, keyless entry, adaptive cruise control, and engine management all rely on software and network connectivity, both of which are vulnerable to a myriad of threats - not least from hackers.

Common ways we might have our cars hacked:

Keyless entry exploits (car immobiliser hacking): Some thieves use special car hacking devices to capture or amplify signals from a car’s key fob, then those hackers take control of the car. In the UK there was a peak of these so-called “relay attacks" between 2015 and 2018. Things have improved, but despite improvements in encryption, relay attacks do still occur.
Telematics and mobile apps: Connected car apps can, if they have certain flaws or bugs, let attackers unlock doors or start engines remotely. Not a pleasant thought.
Onboard diagnostics (OBD-II) ports: Physical access can enable hackers to interface with your vehicle’s systems. If such individuals can access this port, they may be able to do things like reprogram ECUs and clone keys.
Vehicle-to-everything (V2X) communications: The cars of the future may be able to communicate with traffic lights or other vehicles, but these scenarios might result in a vulnerability if protocols aren’t secure.

What’s the worst that could happen?

Undesirable outcomes can range from minor annoyances, such as playing the horn remotely, to major safety risks like braking or steering interference (although such eventualities are rare at present).

Warning lights on a car

Breakdown risks in the modern car

Breakdowns aren’t always malicious. Most are related to the mechanics or the software of a vehicle.

Software glitches: Modern cars rely on various pieces of software. A bug might cause the engine to stall, or result in transmission errors or warning lights.
Electronic component faults: There are a lot of small components in the modern car. If one goes wrong, it might impact the entire operational health of the vehicle. Faults in sensors, ECUs (engine control units), or network modules can leave your car inoperable.
Battery & connectivity issues: Electric and hybrid cars can only go on working if the battery management software is functioning as it should. Any sort of failure (including from a hacker) can “brick” the car (i.e. it becomes as useless as the proverbial brick).
Maintenance neglect: However, as dramatic as car hacking sounds, a vehicle is (especially if it's older) statistically more likely to break down from general neglect.

The overlap

This is where the notion of “carhacking and breakdown risk” gets rather interesting.

While very unlikely at the present time, a cyberattack could intentionally cause a breakdown. Examples include ransomware that locks vehicle systems until a requested payment has been made.
Malware that has, by some method, been added to dealership software or connected apps might wind up disabling cars.
Unauthorised firmware updates have the potential to leave vehicles unstable.

At the end of the day, the more connected and computerised the modern car becomes, the higher the potential for a digital vulnerability even if reliability on a mechanical level remains the same.

What’s the situation right now, in 2026?

While these kinds of risks can trigger anxiety, in reality, real-world malicious car hacking incidents are very rare. Most reports are from proof-of-concept attacks by researchers (i.e. auto security specialists testing a particular car’s vulnerabilities).
Car manufacturers are improving cybersecurity with over-the-air updates, intrusion detection systems, and, not least, stricter encryption.
While the risk of a breakdown caused by software is steadily increasing as vehicles become more and more software-dependent, in reality, maintenance and recalls still prevent most critical failures.

In short, the hope is that carmakers will be able to stay one step ahead, making hacking a car increasingly difficult.

UK Police car lights

What might be a car-hack worst-case scenario?

Here’s a more detailed look at the more undesirable possible effects of an automotive hacking attack. These are extremely unlikely, but possible now or in the future.

Immediate physical control

Brake, throttle, or steering gets overridden: A carhacker might gain remote access, enabling them to accelerate, brake, or steer the vehicle without the driver’s consent. Naturally, this could be disastrous.
Engine gets immobilised: A hacker might be able to shut off the engine mid-journey or prevent it from starting up in the first place, ultimately stranding the driver (and passengers) in a potentially perilous location.
Door/lock control: Occupants might be trapped inside, or doors might be unlocked for unauthorised access (extreme but possible).

Impact: This could cause accidents, put passengers in harm’s way, or enable theft without leaving any sort of physical evidence (a major headache for police).

Safety systems could be compromised

Airbag deactivation: If hackers interfere with the ECU, airbags could fail in a collision.
ABS/ESC override: Anti-lock brakes or stability control could in theory be disabled, which would of course increase the risk of a crash.
Manipulation of autonomous vehicle features: For cars with advanced driver assistance or self-driving features, hackers might find a way of forcing the car to make dangerous manoeuvres, or otherwise mislead the vehicle into having a collision.

Impact: Dramatically increases the chance of injury or death, even if the driver is alert and on-the-ball.

Privacy and theft of data

Tracking and surveillance: Hackers could monitor GPS data, cabin microphones, cameras, or connected apps.
Identity theft: Personal information stored in connected apps or navigation histories could be harvested.
Ransom attacks: Some proof-of-concept attacks show cars could be “locked” digitally until a requested payment is made.

Impact: Financial loss, stalking, and personal security threats.

Large-scale or systemic risks

Fleet attacks: Hackers target rental cars, delivery trucks, or public transport, potentially creating widespread chaos.
Connected vehicle networks: If multiple vehicles are exploited through vehicle-to-vehicle (V2V) or vehicle-to-infrastructure (V2I) links, traffic could be disrupted, causing accidents and gridlock.
Cyber-physical terrorism: Theoretically, a coordinated attack could target emergency response vehicles or critical transportation networks.

Impact: Beyond a single car, entire communities or city traffic could be affected.

Feasibility check

Single-car hacks causing serious accidents are technically possible but rare.
Mass attacks remain mostly theoretical, though security researchers often simulate them to highlight vulnerabilities.
Most current risks are keyless thefts, data breaches, or OBD-II exploits, which are far more common than full control hacks.

Practical tips for minimising the chances of a car hacker attack

Here are some straightforward and actionable ways you can stay on top of the hacker threat both for now, and in the future.

Keep your car’s software updated: Your car’s updates often patch newly appeared security flaws, so don’t ignore them. These can help defend against car hacking devices used in relay attacks.
Use strong passwords for connected apps and avoid unknown third-party diagnostic tools. A strong password is long, complex and unique, and doesn't contain any personal information.
Be careful when making use of public charging stations or Wi-Fi in connected vehicles. There is a (albeit unlikely) chance of a vulnerability being established in such situations.
Regular physical maintenance: Even in an all-singing, all-dancing connected car, physical care matters most. You’re far more likely to break down through general neglect of your car’s mechanical components, than from a hacker.

Provider	Cookies	Purpose
startrescue.co.uk	srsm	We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties.
	srcl	We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties.
	temp_srsession	We use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorised parties.
	__RequestVerificationToken	This cookie is used to protect against Cross-Site Request Forgery (CSRF) attacks. This is set when you visit the page and is sent back to Our server whenever you submit a form in order to ensure any form submissions originated from Our site.
	sr_aggr	This cookie is used to attribute your purchases with our partners.
	sr_discount	This cookie is used to ensure customers receive discounts when purchasing through online advertisements.
	_cookieconsent	This cookie indicates preference for the use of non-essential cookies.
Application Insights	ai_user ai_session	These cookies are used to collect information about issues, dependencies and exceptions which may occur when browsing this website. This data is purely for telematics and error detection, triage and diagnoses. For more information click here.

Provider	Cookies	Purpose
Google Analytics	_ga _gid _gat AMP_TOKEN _gac_ <property-id>	Used to distinguish users. Used to distinguish users. Used to throttle request rate. Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Contains campaign related information for the user. For more information on the use of Google Analytics Cookies please click here.
Optimise	OMG-{MID}	Read by the Optimise conversion tag to provide a backup means to attribute a sale to a specific Affiliate.
HotJar	_hjid	Hotjar cookie that is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID.
	_hjTLDTest	When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
	_hjIncludedInPageviewSample	This cookie is set to let Hotjar know whether that user is included in the data sampling defined by your site's pageview limit.
	_hjIncludedInSessionSample	This cookie is set to let Hotjar know whether that user is included in the data sampling defined by your site's daily session limit.
	_hjFirstSeen	This is set to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.

Car hackers: Could they cause breakdowns - or worse?