Why Digital Car Keys Are Safer Than You Think

The vehicle locking system has gone through a century-long evolution. Despite being a subtle component, tremendous efforts have been put into making more secure locks and more convenient keys, with increasingly sophisticated technology and features built into them. Clearly, the car keys we use today show no resemblance of what they were like decades ago. In fact, the combined door and ignition key was only invented in the 1960s. Prior to that, vehicle owners needed to carry different sets of keys for the door locks and the ignition lock. Then in the 1980s, the remote keyless system (RKS) was adopted, commonly referred to as keyless entry, allowing drivers to remotely control the door locks with the press of a button on their key fob. This continued to evolve into the smart key fob, which by using RFID (radio frequency identification) technology, automatically unlocks a vehicle within proximity, enabling hands-free passive keyless entry. Today, many automotive manufacturers are taking one step further to eliminate the need for any physical form of key, by adopting the digital car key – a virtual smart key that combines wireless communication technologies with authentication software, readily installable onto smartphones.

Despite the convenience the digital car key offers, many remain skeptical of the idea of virtually “logging in” to a vehicle via a smartphone app, with security being the primary concern. Indeed, having a tangible key fob at hand does feel more psychologically secure than a virtual key on the smartphone. However, evidence suggests otherwise – digital car keys are much safer than we might think.

Worldwide Standardization for Digital Car Keys: CCC Digital Key

Unlike other software application services, the architecture of the digital car key is strictly standardized by the Car Connectivity Consortium (CCC), which publishes a detailed release for all manufacturers and software developers to follow, ensuring security and worldwide interoperability.

Since its establishment, the CCC Digital Key standard has received two major updates to incorporate more advanced technologies for added security and convenience. Besides adopting robust PKI-based authentication measures that exceed the security standards of the financial industry, the Digital Key also uses cutting-edge communication technologies to prevent man-in-the-middle (MITM) attacks that attempt to intercept messages. The latest standard, CCC Digital Key 3.0, was introduced in 2021, adopting two new wireless communication technologies – UWB (ultra-wideband) and BLE (Bluetooth Low Energy). These technologies are comparably more secure compared to the RFID technology used in smart key fobs.

Reducing the Risk of Relay Attacks

Although the smart key fob might appear safer than the Digital Key given that the owner has complete physical control of the key, it is in fact highly vulnerable to MITM attacks, particularly relay attacks. Since the smart key fob communicates with the vehicle via RFID signals, attackers can attempt to intercept the signals and use it for their advantage, mostly for stealing vehicles.

A relay attack is surprisingly simple and easy to implement, requiring no technical knowledge. All it needs is two people and two RFID transmitters. One person needs to stand within a certain range of the key fob (usually near the house of the car owner), carrying a transmitter device that picks up RFID signals from the key fob. The device then relays that signal to the second person, who stands beside the targeted vehicle holding a receiver device that picks up the relayed signal, hence unlocking the vehicle. These devices can be easily found and purchased online at affordable prices, with some of them being able to pick up signals from 100 meters away.

Relay attacks are by far the most common cause of vehicle thefts today. According to vehicle theft recovery firm Tracker, 93% of all vehicles it recovered were stolen by relay attacks. Of course, these attacks can be easily prevented by storing the key fob in a metal box or carrying it in a dedicated RFID blocking case. However, having to remove the key fob from a case prior to every use undermines the whole purpose of having a smart key fob in the first place – seamless entry.

Since the Digital Key uses more advanced communication technologies such as UWB and BLE, all of which aren’t vulnerable to MITM attacks, the Digital Key provides much stronger protection against vehicle thefts. In fact, evidence shows that there has not been a single successful case of Digital Key compromise. Although there have been a few cases of hackers who claimed to be able intercept the signals of a digital key through a relay attack, no vehicle theft has been reported as a result.

Chances of Remote Hacking?

Since the Digital Key depends on software-based authentication, many are concerned about the potentials of vehicle hacking. Precisely speaking, every connected system is prone to hacking, but the possibility of a hacker successfully bypassing PKI-based authentication and gaining access to the key is extremely low. Pwn2Own, one of the most popular cybersecurity contests, offered a $100,000 reward to anyone who could hack the digital key of a Tesla Model 3 through code execution, but nobody managed to compromise the key during the contest.

Many users also worry about losing their smartphone, hence losing access to their car. With the Digital Key, users can easily terminate or suspend their key by logging into their account from another device, preventing unauthorized usage of the lost or stolen key.

Additionally, unlike smart key fobs, which have limited buttons and features, the Digital Key provides much more versatile functionalities. For instance, the app can be used to set up a variety of configurations and commands, such as opening and closing the trunk, controlling the A/C, and even sharing the key with friends and family.

Secure Car Sharing

When using a physical key fob, vehicle sharing isn’t easy. Since only two pairs of key fobs are given when purchasing a new car, sharing the car with multiple family members or friends can be a hassle. Moreover, once the key is passed onto the shared user, the owner has no control of the car whatsoever, leading to security and safety concerns.

With the Digital Key, the car sharing process is made much more easy and secure. The owner simply needs to send an invitation link to the shared user to grant them access to the vehicle. Additionally, the owner retains partial control of the vehicle via the app, which allows them to configure the duration of shared usage, the maximum speed, the number of unlocks, and many more.

The vehicle sharing feature of the Digital Key is also beneficial for corporate cars and ridesharing service platforms. Since these publicly accessible vehicles tend to be used carelessly, incorporating the Digital Key offers great potential in enhancing both safety and convenience.

AUTOCRYPT’s Digital Key

As the first mobility security company in Asia to join the Car Connectivity Consortium, AUTOCRYPT’s Digital Key solution is a custom digital key development solution in compliance with the CCC standards, based on AUTOCRYPT’s proprietary PKI-based authentication system, issuing certificates that are embedded to the module during application development.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

A Keyless Future

Throughout history, the concept of access has remained sacred to society. In fact, records show that Ancient Egyptians utilized pin tumbler locks made of wood over six thousand years ago. Society has come a long way since the first-ever locks, with the structural integrity of the locks evolving to become more secure as technology advances. The concept of lock and key has kept our personal belongings and homes secure, but also our vehicles. As we moved into the smart era of hyper-connectivity, automotive manufacturers began to develop the idea of a virtual “digital key.”

The first-ever car key was created in 1910, though it had not yet developed to a point where it could turn the ignition, the keys could keep out unwanted auto theft by locking and unlocking the passenger and driver doors. 1949 saw the first-ever ignition keys that not only locked doors but also operated the car’s starter mechanism. Chrysler created the technology and other manufacturers followed suit, putting their own spin on the design – it became a popular concept to mark vehicle keys with the manufacturer logo, a sign of prestige.

However, as keys themselves became signifiers of the ownership of a valuable commodity, the number of vehicle thefts increased exponentially. In 1991, vehicle theft in the United States reached a record high of over 1.6 million, at a rate of 659.01 per 100,000 population. As the numbers rose, car manufacturers searched for ways to ward off thefts, and in the 1990s, central locking systems began to be prevalent in new models of automobiles. These systems allowed for one lock to be able to simultaneously lock all doors of the car – owners no longer needed to go around to each door to lock their vehicle. share through those mutual goals. 

Progress did not stop there, as keys continued to evolve into more secure, more convenient access tools. The transponder chip for automobiles was introduced in 1995, resulting in even greater security for the vehicle. The transponder contains a code that sends a command to the ignition control unit; the car does not start unless the transponder matches the immobilizer (an electronic security device fitted into the vehicle). They are often combined with remote keys, allowing for a button to be clicked to lock and unlock using a radio transmitter to send a signal to the receiver in the vehicle.

This brings us to current trends, where most vehicle keys are remote systems that can open the door and start the engine without the key making physical contact with the car itself. However, they do need to be in close proximity, as it communicates with the vehicle using a low frequency (LF) or ultra-high frequency (UHF) radio signal. The car will not operate properly if it does not sense the key in its confines. 

As we moved into the smart era of hyper-connectivity, automotive manufacturers and experts in the industry began to develop the idea of a virtual “digital key.” Near Field Communication (NFC) technology would allow for access, locking and unlocking the car, while server communication would allow for more tasks to be controlled through the device like ignition control, climate control, and even in-vehicle infotainment control. All this could be accessed through a digital key management application on the mobile device – conveniently, one less item to carry for vehicle owners.  

holding digital key on phone by vehicle

However, as keys become more connected and less physical, there is yet another element to consider: cybersecurity. It is crucial that we consider that the more connectivity we usher in, the more enticing it can be for attackers to look for a way to infiltrate. This is why it is also essential to incorporate security technology like Public Key Infrastructure (PKI) into the system to guarantee security even at its convenience.

While we will ultimately get to a point in vehicle evolution where a physical key does not necessarily need to be carried around, the reality is that though the idea of the traditional key will change, ultimately the concept will remain. A key’s purpose is to help its owner access different entry points, but to also keep them safe by locking out unwanted intruders. Therefore, no matter the form of the key, digital or physical, security will remain essential.

For more information about AUTOCRYPT and its digital key, learn more here.