Now, you can unlock your car remotely without a keychain, provided you have a smartphone and a compatible car. Apple updated its wallet ecosystem in 2020, allowing users to add their digital car keys to it.
This means that users can use their own iPhone Or apple watch to remotely access your car and grant access to your spouse, nanny or guest. Google also makes it possible for Android users to unlock and start their cars using pixel 6 series phones or any device running Android 12.
The digital car key is very convenient, especially because you can lock, unlock or start the car only by facial recognition on the smartphone or entering a password. However, although the digital car key is easy to use, it may open a Pandora's box that will get things out of control.
Digital car keys are safer, but they have potential security defects
According to tracker, at least 93% of the vehicles it recovered in 2020 were stolen through relay attacks. This usually happens when car thieves use hacker devices to intercept the RFID signal of the keychain to enter the vehicle. However, the car connectivity consortium's latest digital car key specification uses ultra wideband (UWB) technology, which makes it immune to relay attacks. Unlike RFID signals, UWB technology is more accurate in calculating the proximity of smart phone digital car keys.
Despite the security benefits, not all vehicles compatible with digital car keys have deployed UWB technology. Some car manufacturers such as Tesla, Hyundai and Lincoln use digital car keys that rely on Bluetooth low-energy (ble) or near-field communication (NFC) systems. What's the difference? Compared with UWB technology, digital car keys using ble technology can communicate with their own cars in a wider range. On the other hand, if you use a smart phone with NFC technology, users need to place it a few centimeters away from the door to unlock it. In addition, NFC technology enables digital car keys to be used even when the battery is exhausted.
Because the transmission distance of digital car keys using ble is longer than that of UWB technology, they are more vulnerable to security vulnerabilities. However, if the digital car key supports UWB, ble and NFC at the same time, this potential security defect can be solved. The problem is that most cars may take some time to be compatible with UWB technology, because it costs more to install than ble system.
The digital car key has not been hacked
Although the digital car key has potential security defects, we have not encountered a reliable news source claiming that a car was stolen after its digital car key was remotely invaded. Pwn2own is one of the most popular cybersecurity competitions, offering a $100000 reward to anyone who can hack into Tesla Model 3's smartphone digital car keys through code execution. Despite the bonus, no one successfully invaded the digital car key of Tesla Model 3 during the game, but the car's infotainment system has been invaded due to the failure of the web browser.
Before proving this, it can be inferred that the biggest potential security risk is that someone steals a smartphone and uses it to access the car. If this happens, people can choose to track the lost smartphone or disable the digital car key. Although digital car keys may have some defects - at least those that only use NFC or ble - for now, they seem to be a reasonable safe way to protect cars.