This means that users caniPhoneOr Apple Watch to remotely access your own car and grant access to your spouse, babysitter, or guests. Google is also making it possible for Android users to use the Pixel 6 seriescell phoneOr any device running Android 12 to unlock and start their car.
Digital car keys are very convenient, especially since all it takes is facial recognition on a smartphone or a passcode to lock, unlock or start the car. Yet while the digital car key is easy to use, it can open a Pandora’s box that can get out of hand.
Digital car keys are more secure, but have potential security flaws
According to Tracker, at least 93 percent of the vehicles it recovered in 2020 were stolen through relay attacks. This usually happens when car thieves use a hacking device to intercept the key fob’s RFID signal to gain access to the vehicle. However, the latest digital car key specification from the Car Connectivity Consortium uses ultra-wideband (UWB) technology, which makes it immune to relay attacks. Unlike RFID signals, UWB technology is more precise in calculating the proximity of a smartphone’s digital car key.
Despite the security benefits, not all digital car key-compatible cars deploy UWB technology. Some automakers such as Tesla, Hyundai and Lincoln use digital car keys that rely on Bluetooth Low Energy (BLE) or Near Field Communication (NFC) systems. What’s the difference? Compared with UWB technology, digital car keys using BLE technology can communicate with their own cars over a longer range. On the other hand, if a smartphone with NFC technology is used, the user needs to hold it a few centimeters away from the door to unlock it. In addition, NFC technology enables the digital car key to be used even if the battery is depleted.
Because digital car keys using BLE can travel farther than UWB technology, they are more vulnerable to security breaches. But if the digital car key supports UWB, BLE and NFC at the same time, then this potential security flaw can be solved. The problem is that it may take a while for most cars to be compatible with UWB technology because it is more expensive to install than BLE systems.
Digital car keys haven’t been hacked
Despite the potential security flaws of digital car keys, we have yet to come across a credible news source claiming that a car was stolen after its digital car key was hacked remotely. Pwn2Own, one of the most popular cybersecurity competitions, is offering a $100,000 reward to anyone who can hack a Tesla Model 3’s smartphone digital car key through code execution. Despite the prize money, no one managed to hack a Tesla Model 3’s digital key during the race, though the car’s infotainment system was hacked because of a web browser glitch.
Before proving this, it can be inferred that the biggest potential security risk is someone stealing a smartphone and then using it to gain access to the car. If that happens, people can choose to track a lost smartphone or deactivate the digital car key. While digital car keys may have some flaws — at least those that only use NFC or BLE — they appear to be a reasonably secure way to secure a car for now.
