Prevent Connection of Mobile Devices to Infotainment
Do not link mobile phones to car infotainment systems.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
Mar 2026
✏️ Control Stack last updated
23 Mar 2026
🎯 E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobilitySection
Mobile Device UsageMobile devices are not connected to the infotainment systems of connected vehicles.
Source: ASD Information Security Manual (ISM)
Plain language
This control stops mobile phones from connecting to car infotainment systems. If phones are connected, sensitive data could be accessed by hackers if a car's system is not secure. It’s important because it helps protect personal and business data from being compromised while driving.
Why it matters
Failing to prevent mobile connections to car infotainment systems increases the risk of unauthorised access to sensitive information.
Operational notes
Regularly communicate and reinforce policy to prevent employees from connecting devices to vehicles, ensuring ongoing compliance and security.
Implementation tips
- IT teams should configure MDM policies to prevent organisational mobile devices from pairing with vehicle infotainment systems. On iOS this can be enforced via supervised mode restricting CarPlay; on Android, MDM profiles can block specific Bluetooth device classes (audio/video).
- Fleet managers should ensure company vehicles have their infotainment pairing history cleared and, where possible, disable the ability to pair new devices. Document which vehicles have been configured and maintain a review schedule.
- Managers should create a clear policy stating organisational mobile devices must not be connected to vehicle infotainment systems via Bluetooth, USB, or wireless projection (CarPlay/Android Auto). Communicate this through team meetings and written guidance.
- HR should include connected vehicle risks in security awareness training, explaining how infotainment systems can sync contacts, messages, and call history from paired devices — creating a data leakage path that persists after the device is disconnected.
- Security teams should periodically audit vehicle infotainment systems for evidence of organisational device pairings. Check paired device lists in company fleet vehicles and document findings, escalating any policy violations for remediation.
Audit / evidence tips
-
Ask: the policy document outlining mobile device restrictions in vehicles. Review it to confirm it specifically mentions disabling infotainment connections
Good: includes a dated policy with management approval
-
Look at: session dates, attendance, and topics covered, such as risks of mobile connections to cars. Good records should be up-to-date and comprehensive
-
Ask: the fleet manager for the vehicle checklist that includes infotainment security settings. Ensure that items like Bluetooth and USB connection restrictions are included. Good documentation should be detailed and regularly updated
-
Look at: a log of inspections or a checklist verifying that infotainment settings are secure. A well-maintained log shows regular, consistent checks
-
Ask: meeting minutes from team discussions on the policy. Check for notes that mention mobile device policies and specific actions taken for enforcement. Good meeting records should indicate active involvement and adherence to the policy
Cross-framework mappings
How ISM-2099 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
No cross-framework mappings recorded yet.