'Digital Key' Standard Uses Your Phone To Unlock Your Car

The Car Connectivity Consortium, a mix of major smartphone and automotive brands, has posted a Digital Key 1.0 standard that will let you download a virtual key that can unlock your vehicle, start the engine and even share access with other drivers. Engadget reports: Unsurprisingly, the technology focuses on security more than anything else. Your car manufacturer uses an existing trusted system to send the digital key to your phone, which uses close-range NFC to grant access to your ride. You can't just unlock your car from inside your home, then, but this would also force would-be thieves to be physically present with your phone when trying to unlock your car. Apple, LG and Samsung are among the phone brands in the group, while car brands including BMW, Hyundai and the Volkswagen group are also onboard. There's also talk of a version 2.0 spec that will promise more interoperability between cars and mobile devices in the first quarter of 2019.

That is surprising

[stoborrobots]

Unsurprisingly, the technology focuses on security more than anything else.

The way things are in this industry at the moment, that is incedibly surprising to me...

Re:That is surprising

[AmiMoJo]

Actually phones have increased security for things like mobile payments. Rather than just a contactless tap or easily observed PIN, you have a fingerprint unlock or arbitrarily long password.

Let's think about the security implications of unlocking/starting your car with your phone instead of the key. The key is probably just as vulnerable to theft since you have to have it on you, but has no authentication mechanism at all. No fingerprints, no passcodes, just having it unlocks and starts you car. So even if you disable authentication on your phone it's still no worse than the key.

Modern car keys use radio comms, so no loss there. Actually the wireless comms used for mobile payments are even more secure, being extremely short range and using a well tested standard algorithm instead of the manufacturer's own concoction. Never roll your own security if you can help it.

So all in all using your phone as a key seems like it can only be a net win. We have established that phones can securely keep secret tokens, as require for contactless payments.

Re:What was wrong

[GuB-42]

The biggest issue is that that's something you need to have on you. Not having a key is one less thing to carry around.
Second: a key is single factor authentication. Phones can be multi-factor (you need the phone and a password for instance). Keys are also difficult to revoke. If you lose the key, you need to physically change the lock in order to get a new bitting.
Another advantage of phone-based authentication is that you can transmit a token remotely to someone else if you want to give him access to you car. Basically the equivalent of putting car keys in someone's mailbox, but you get to keep your own key, and you don't need to actually go put it in the mailbox.

Saying "what's wrong with a key" is like saying "what's wrong with cash". There are many compelling arguments for cash over credit cards and the like, but cash isn't without issues.

Re:Sigh

[thegarbz]

Not least "your battery runs flat, but you need to open it to jump-start it"

1. Err this is a solved problem and has been for pretty much every "keyless" car on the market. There's always a secondary means of entry available to owners.

Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal

2. Err this is a solved problem and has been since the dawn of encryption.

Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k

3. Err See #1

My phone got a virus and now anyone can open my car

4. Err See #1

Previous owners of the car can just walk up to it with their phone to unlock it

5. Err just like you can* access my Facebook account from my previous phone after a factory reset?
*You can't.

etc. etc. etc

Oh no, please continue. I'm enjoying reading one nonsense statement after another.