'Digital Key' Standard Uses Your Phone To Unlock Your Car

The Car Connectivity Consortium, a mix of major smartphone and automotive brands, has posted a Digital Key 1.0 standard that will let you download a virtual key that can unlock your vehicle, start the engine and even share access with other drivers. Engadget reports: Unsurprisingly, the technology focuses on security more than anything else. Your car manufacturer uses an existing trusted system to send the digital key to your phone, which uses close-range NFC to grant access to your ride. You can't just unlock your car from inside your home, then, but this would also force would-be thieves to be physically present with your phone when trying to unlock your car. Apple, LG and Samsung are among the phone brands in the group, while car brands including BMW, Hyundai and the Volkswagen group are also onboard. There's also talk of a version 2.0 spec that will promise more interoperability between cars and mobile devices in the first quarter of 2019.

That is surprising

[stoborrobots]

Unsurprisingly, the technology focuses on security more than anything else.

The way things are in this industry at the moment, that is incedibly surprising to me...

Re:That is surprising

[AmiMoJo]

Actually phones have increased security for things like mobile payments. Rather than just a contactless tap or easily observed PIN, you have a fingerprint unlock or arbitrarily long password.

Let's think about the security implications of unlocking/starting your car with your phone instead of the key. The key is probably just as vulnerable to theft since you have to have it on you, but has no authentication mechanism at all. No fingerprints, no passcodes, just having it unlocks and starts you car. So even if you disable authentication on your phone it's still no worse than the key.

Modern car keys use radio comms, so no loss there. Actually the wireless comms used for mobile payments are even more secure, being extremely short range and using a well tested standard algorithm instead of the manufacturer's own concoction. Never roll your own security if you can help it.

So all in all using your phone as a key seems like it can only be a net win. We have established that phones can securely keep secret tokens, as require for contactless payments.