The vehicle locking system has gone through a century-long evolution. Despite being a subtle component, tremendous efforts have been put into making more secure locks and more convenient keys, with increasingly sophisticated technology and features built into them. Clearly, the car keys we use today show no resemblance of what they were like decades ago. In fact, the combined door and ignition key was only invented in the 1960s. Prior to that, vehicle owners needed to carry different sets of keys for the door locks and the ignition lock. Then in the 1980s, the remote keyless system (RKS) was adopted, commonly referred to as keyless entry, allowing drivers to remotely control the door locks with the press of a button on their key fob. This continued to evolve into the smart key fob, which by using RFID (radio frequency identification) technology, automatically unlocks a vehicle within proximity, enabling hands-free passive keyless entry. Today, many automotive manufacturers are taking one step further to eliminate the need for any physical form of key, by adopting the digital car key – a virtual smart key that combines wireless communication technologies with authentication software, readily installable onto smartphones.
Despite the convenience the digital car key offers, many remain skeptical of the idea of virtually “logging in” to a vehicle via a smartphone app, with security being the primary concern. Indeed, having a tangible key fob at hand does feel more psychologically secure than a virtual key on the smartphone. However, evidence suggests otherwise – digital car keys are much safer than we might think.
Worldwide Standardization for Digital Car Keys: CCC Digital Key
Unlike other software application services, the architecture of the digital car key is strictly standardized by the Car Connectivity Consortium (CCC), which publishes a detailed release for all manufacturers and software developers to follow, ensuring security and worldwide interoperability.
Since its establishment, the CCC Digital Key standard has received two major updates to incorporate more advanced technologies for added security and convenience. Besides adopting robust PKI-based authentication measures that exceed the security standards of the financial industry, the Digital Key also uses cutting-edge communication technologies to prevent man-in-the-middle (MITM) attacks that attempt to intercept messages. The latest standard, CCC Digital Key 3.0, was introduced in 2021, adopting two new wireless communication technologies – UWB (ultra-wideband) and BLE (Bluetooth Low Energy). These technologies are comparably more secure compared to the RFID technology used in smart key fobs.
Reducing the Risk of Relay Attacks
Although the smart key fob might appear safer than the Digital Key given that the owner has complete physical control of the key, it is in fact highly vulnerable to MITM attacks, particularly relay attacks. Since the smart key fob communicates with the vehicle via RFID signals, attackers can attempt to intercept the signals and use it for their advantage, mostly for stealing vehicles.
A relay attack is surprisingly simple and easy to implement, requiring no technical knowledge. All it needs is two people and two RFID transmitters. One person needs to stand within a certain range of the key fob (usually near the house of the car owner), carrying a transmitter device that picks up RFID signals from the key fob. The device then relays that signal to the second person, who stands beside the targeted vehicle holding a receiver device that picks up the relayed signal, hence unlocking the vehicle. These devices can be easily found and purchased online at affordable prices, with some of them being able to pick up signals from 100 meters away.
Relay attacks are by far the most common cause of vehicle thefts today. According to vehicle theft recovery firm Tracker, 93% of all vehicles it recovered were stolen by relay attacks. Of course, these attacks can be easily prevented by storing the key fob in a metal box or carrying it in a dedicated RFID blocking case. However, having to remove the key fob from a case prior to every use undermines the whole purpose of having a smart key fob in the first place – seamless entry.
Since the Digital Key uses more advanced communication technologies such as UWB and BLE, all of which aren’t vulnerable to MITM attacks, the Digital Key provides much stronger protection against vehicle thefts. In fact, evidence shows that there has not been a single successful case of Digital Key compromise. Although there have been a few cases of hackers who claimed to be able intercept the signals of a digital key through a relay attack, no vehicle theft has been reported as a result.
Chances of Remote Hacking?
Since the Digital Key depends on software-based authentication, many are concerned about the potentials of vehicle hacking. Precisely speaking, every connected system is prone to hacking, but the possibility of a hacker successfully bypassing PKI-based authentication and gaining access to the key is extremely low. Pwn2Own, one of the most popular cybersecurity contests, offered a $100,000 reward to anyone who could hack the digital key of a Tesla Model 3 through code execution, but nobody managed to compromise the key during the contest.
Many users also worry about losing their smartphone, hence losing access to their car. With the Digital Key, users can easily terminate or suspend their key by logging into their account from another device, preventing unauthorized usage of the lost or stolen key.
Additionally, unlike smart key fobs, which have limited buttons and features, the Digital Key provides much more versatile functionalities. For instance, the app can be used to set up a variety of configurations and commands, such as opening and closing the trunk, controlling the A/C, and even sharing the key with friends and family.
Secure Car Sharing
When using a physical key fob, vehicle sharing isn’t easy. Since only two pairs of key fobs are given when purchasing a new car, sharing the car with multiple family members or friends can be a hassle. Moreover, once the key is passed onto the shared user, the owner has no control of the car whatsoever, leading to security and safety concerns.
With the Digital Key, the car sharing process is made much more easy and secure. The owner simply needs to send an invitation link to the shared user to grant them access to the vehicle. Additionally, the owner retains partial control of the vehicle via the app, which allows them to configure the duration of shared usage, the maximum speed, the number of unlocks, and many more.
The vehicle sharing feature of the Digital Key is also beneficial for corporate cars and ridesharing service platforms. Since these publicly accessible vehicles tend to be used carelessly, incorporating the Digital Key offers great potential in enhancing both safety and convenience.
AUTOCRYPT’s Digital Key
As the first mobility security company in Asia to join the Car Connectivity Consortium, AUTOCRYPT’s Digital Key solution is a custom digital key development solution in compliance with the CCC standards, based on AUTOCRYPT’s proprietary PKI-based authentication system, issuing certificates that are embedded to the module during application development.
To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.