The Potential Risks Of Digital Car Keys
You can now unlock your car remotely without a key fob, assuming you have a smartphone and a compatible car. Apple updated its Wallet ecosystem in 2020 to allow users to add their digital car keys. This means you can access your car remotely from your iPhone or Apple Watch, and grant its access to your spouse, babysitter, or guest. Google likewise makes it possible for Android users to unlock and start their cars using a phone from the Pixel 6 family or any device running Android 12.
Of course, digital car keys are very convenient, particularly because you only need facial recognition or a password on your smartphone to lock, unlock, or start your car. Not to mention, it's unlikely you will lock the car with your smart key inside it. However, despite their ease of use, digital car keys could open a Pandora's box of things that could go wrong.
Digital cars keys are more secure, but with potential security flaws
According to Tracker, at least 93% of vehicles it recovered in 2020 were stolen through a relay attack. This usually happens when car thieves intercept RFID signals from a key fob using a hacking device to gain access to the vehicle. However, the latest digital car keys specifications from the Car Connectivity Consortium use Ultra-Wideband (UWB) technology that makes them immune to relay attacks. Unlike RFID signals, UWB technology is more precise in calculating the proximity of your smartphone's digital car key.
Despite its security benefits, not all cars that are compatible with digital car keys have implemented UWB technology. Some car manufacturers like Tesla, Hyundai, and Lincoln use digital car keys that rely on Bluetooth Low Energy (BLE) or Near-Field Communication (NFC) systems. What's the difference? Digital car keys that use BLE technology can communicate with your car at a longer range compared to UWB technology. On the other hand, if you have a smartphone with NFC technology, you need to hold it a few centimeters away from your car's door to unlock it. Besides that, NFC technology makes it possible to use your digital car key even if your battery is drained.
Since digital car keys with BLE communicate at a longer transmission distance than UWB technology, they're more susceptible to a security breach. But that potential security flaw can be solved if your digital car key supports UWB, BLE, and NFC simultaneously. The problem is, it could be a while before most cars are compatible with UWB technology because it's more expensive to install compared to BLE systems (via Link-Labs).
Digital car keys haven't yet been hacked
Even though digital car keys have a potential security flaw, we are yet to come across a credible news source that claims a car was stolen after its digital car key was hacked remotely –- we can't say the same about keyless fobs. In fact, Pwn2Own, one of the most popular cybersecurity contests, offered a $100,000 reward to anyone who could hack the smartphone digital car key of the Tesla Model 3 through code execution. Despite the prize, nobody managed to successfully compromise the digital car key of the Tesla Model 3 during the contest, but the infotainment system was hacked due to a glitch in the web browser (via CNBC).
Until proven otherwise, we can deduce that the biggest potential security risk would be someone stealing your smartphone and using it to access your car –- if you've disabled your password or biometric verification. Then again, if that happens, you have the option to track down your missing smartphone or deactivate your digital car key. While there may be some flaws with digital car keys — at least those that use only NFC or BLE — for now, they seem to be a reasonably safe way to secure your car.