Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Transportation Digital Security Apple Technology

'Digital Key' Standard Uses Your Phone To Unlock Your Car (engadget.com) 158

The Car Connectivity Consortium, a mix of major smartphone and automotive brands, has posted a Digital Key 1.0 standard that will let you download a virtual key that can unlock your vehicle, start the engine and even share access with other drivers. Engadget reports: Unsurprisingly, the technology focuses on security more than anything else. Your car manufacturer uses an existing trusted system to send the digital key to your phone, which uses close-range NFC to grant access to your ride. You can't just unlock your car from inside your home, then, but this would also force would-be thieves to be physically present with your phone when trying to unlock your car. Apple, LG and Samsung are among the phone brands in the group, while car brands including BMW, Hyundai and the Volkswagen group are also onboard. There's also talk of a version 2.0 spec that will promise more interoperability between cars and mobile devices in the first quarter of 2019.
This discussion has been archived. No new comments can be posted.

'Digital Key' Standard Uses Your Phone To Unlock Your Car

Comments Filter:
  • by stoborrobots ( 577882 ) on Friday June 22, 2018 @05:08AM (#56827236)

    Unsurprisingly, the technology focuses on security more than anything else.

    The way things are in this industry at the moment, that is incedibly surprising to me...

    • It's unsurprising that they used the word "security" in their product just like everyone else with an open AWS machine.

      Whether it is secure or not is yet to be seen. At least you can't remotely drive the cars. Else someone will design a game where you drive a car onto a boat. And we get a few million cars stolen one night.

      • Label it the âoeCar/Boat Challengeâ on YouTube and thousands of teens will be duped into commiting grand theft auto overnight. Afterall, they dont seem to think for themselves anymore. Theyve been turned into lemmings and indoctrinated into GroupThink. Nobody even uses the expression âoeIf everyone else jumped off a bridge, would you?!â Because, they probably would. See Tide Pod challenge for a perfect example of this.

        • by gnick ( 1211984 )

          "If everyone else jumped off a bridge, would you?" Because, they probably would.

          Wouldn't you? If I'm standing on a bridge and everyone starts throwing themselves into the water, I'll probably assume that there's something motivating them. Doubly so if my friends are jumping, because I know my friends to be rational people. No matter where I am, if "everyone" begins fleeing, I'll probably flee too.

      • You know...I just miss having a physical, metal KEY

        My latest car is the first one I've owned that just has the key fob, that if present allows start of the car with a button.

        I guess it is from decades of muscle memory, but even after I push the button to turn it off, before I get out, my right hand reaches over near the steering wheel to grab the keys.

        I don't suppose I'll ever get used to it.

        I'm guessing with fobs, much like this cell phone option...if you run out of batteries, you are SOL if you need

        • by gnick ( 1211984 )

          even after I push the button to turn it off, before I get out, my right hand reaches over near the steering wheel to grab the keys.

          I'm on my first keyless car too. It still distresses me to close the locked car door after exiting without a set of keys in my hand. I ALWAYS looked at my keys as I closed the door and I never locked my keys in the car. But then, when I get to about 15 mph I still reach toward the console to shift into second even though it's been probably a decade since I've driven a manual transmission.

          • But then, when I get to about 15 mph I still reach toward the console to shift into second even though it's been probably a decade since I've driven a manual transmission.

            Well, thankfully, I can still say that I've never owned a car with an automatic transmission, I'm manual only!!

        • I have an older vehicle that has a key with a built in remote, and a transponder chip, which ensures it will start the car even if the battery is dead. I don't need to try to pry off part of the door handle either. The vehicle "auto cranks", and can be used with a push-button start, but I know that for someone to steal the car, they need to have a chip presence, and bypass the physical Strattec lock. Not impossible, but a lot harder to steal than a thief using a device that makes someone's transponder ke

        • If you really want to, consider installing a hook, magnet, velcro, etc. to suspend the fob near where you're used to. Probably what I would do, though I plan to run my current old-style (mid-2000s crown victoria, which still has (more or less) the same interior arrangement as the 1992 model) automobile into the ground, so probably won't have to worry about the fobs for many years.
        • About a year ago, I got a car with a fob. I actually like it better than a key.

          It won't let me lock the car from the door handle button if the fob is inside. It will allow me to lock the car with it still running but beeps a warning. It won't start without the fob in the front seats.

          The single door handle & step lights go on if I get close while it is parked. The door unlocks with the handle button. All doors unlock and step lights turn on for all if double pushed. The hatch opens if the fob is behind i

    • by AmiMoJo ( 196126 ) on Friday June 22, 2018 @05:58AM (#56827316) Homepage Journal

      Actually phones have increased security for things like mobile payments. Rather than just a contactless tap or easily observed PIN, you have a fingerprint unlock or arbitrarily long password.

      Let's think about the security implications of unlocking/starting your car with your phone instead of the key. The key is probably just as vulnerable to theft since you have to have it on you, but has no authentication mechanism at all. No fingerprints, no passcodes, just having it unlocks and starts you car. So even if you disable authentication on your phone it's still no worse than the key.

      Modern car keys use radio comms, so no loss there. Actually the wireless comms used for mobile payments are even more secure, being extremely short range and using a well tested standard algorithm instead of the manufacturer's own concoction. Never roll your own security if you can help it.

      So all in all using your phone as a key seems like it can only be a net win. We have established that phones can securely keep secret tokens, as require for contactless payments.

      • Except having a physical key requires actually having the key in your posession. Some cars are more suceptible to hotwiring and slimjims, but thats the least common way cars are stolen and its pretty obvious when observed. I suspect with this that someone will discover a flaw in the API that allows any user to bypass authentication and execute the unlock feature. Its the same reason i dont have digital locks on my house. Why make it easy on them?

        • Except having a physical key requires actually having the key in your posession.

          Not the case with lots of new cars. Increasingly, they're all moving to RF keys, as AmiMoJo said. This is super convenient, since it means that you just have to have the key in your pocket and to be able to open the door and drive. But it also opens the keys up to relay attacks, where the key may be miles away from the car but a pair of transceivers relays the signal.

          FWIW, I'm working on digital car keys for Android as well. I own most of "hardware-backed security" for Android at Google, which means most

      • Actually phones have increased security for things like mobile payments.

        Sure, until you drop them.

        (or sit on them, or whatever...)

        I wouldn't want my money and car to be locked up using something so fragile.

      • That fingerprint authentication is bullshit. A few years ago I discovered that my daughter added her fingerprint to my authentication just so that she didnâ(TM)t have to type in the pin number to unlock my phone. She was 10. Then they started rolling out fingerprint purchases out of the App Store. They didnâ(TM)t even have the foresight to require you to enter in your Apple ID and password to add a new fingerprint. They simply record your phone to be unlocked from a simple pin. And there in lie

        • That fingerprint authentication is bullshit. A few years ago I discovered that my daughter added her fingerprint to my authentication just so that she didnâ(TM)t have to type in the pin number to unlock my phone. She was 10. Then they started rolling out fingerprint purchases out of the App Store. They didnâ(TM)t even have the foresight to require you to enter in your Apple ID and password to add a new fingerprint. They simply record your phone to be unlocked from a simple pin. And there in lies the fundamental flaw. What good is all this super security if the mechanism to add new trustees has no security. And there in lies a fundamental flaw. What good is all the super security if the mechanism to add new trustees has no security?

          There was a a gaping, almost impossible to fix flaw in that ecosystem. That would be you.

          Letting a 10 year old access your phone, and allowing her unsupervised access to boot is the biggest security flaw.

          And you deciding to blame it on Apple just shows that you'll defeat anything they can come up with

        • by berj ( 754323 )

          To add a new fingerprint you need to enter the unlock code for the phone. Your daughter had this so thatâ(TM)s how she did it. You let her.

          In order to enable Touch ID for App Store purchases (which is off by default as far as I know) you need to type in your Apple ID password. Either you did that or she knows the password.

          Not sure how much more protection you can expect.

          • Incorrect. And a pin code is not as secure as appleID password. I have figerprint purchases turned off. And every single fucking time I buy anything, the goddamn thing tries to turn it back on. Where is the âoefuck you, I said fucking NO 12 times agoâoe button? However, is it too much to ask for appleid password to alter the authentication method? I have to give this password to do an update or authorize a purchase, But a simple pin number is all that is required to add new accounts??? That

            • by berj ( 754323 )

              Sorry.. I just don't see what you're seeing.

              I turned off Touch ID purchases on my phone just now.

              In order to turn it back on I need to enter my apple ID password.

              I just went and bought something in the app store. Entered my Apple ID password. It didn't ask me to turn on touch ID for purchases.

              To add a new fingerprint it is *not* sufficient to simply have the phone unlocked. In order to access the "Touch ID and Passcode" page of the preferences you need to enter your passcode *again*. This is how it's al

              • by e3m4n ( 947977 )

                This is not how it has always been. Not with regard to adding new fingerprints. How do I know? Because my daughter does not have the faintest clue what my appleID is, hell my wife doesnt even know. Its not my email account for damn sure. She is 15 now. This happened back on my 5S. As far as asking to turn on touchID for purchases, every - single - time I get a purchase request (family sharing where kids have to request permission to get an app) and I authorize it, it constantly nags me to turn on touchID a

        • by EvilSS ( 557649 )
          You can't add a fingerprint without the phone's PIN code. If you gave that to someone else then that is your fault. You can also use anything for the pin, including a password. If you choose to use the default 4-number pin, again, that's on you not Apple.
          • Then why dont they ask for a PIN code when making a purchase? After all, you seem to think itâ(TM)s so fucking secure, I did, by the way, mention it was âoeyears ago âoe. It was actually just a four digit numerical value back then. It wasnt until around thr iphone6 that they switched to even 6 digits. Apple clearly established two levels of security; one being higher than the other one. The PIN code has ALWAYS been considered less secure and unacceptable for financial authorizations. If

            • by EvilSS ( 557649 )
              Nope, you have been able to set long and complex pins since at least the iPhone 5, before they added finger print readers. I know because I've always used a long code and forgot mine once and had to reset my iPhone 5 after a trip to the theater (and turning the phone off during the movie). As for why they use the pin for security on the phone, it's because a) you don't have to have an iCloud account to use the phone and b) it's tied to the phone, and only that phone unlike the cloud account. You are blaming
            • by EvilSS ( 557649 )
              Here is a link for instructions for iOS 5, released in 2011. It allowed up to 37 numbers or characters. That went up to 90 with iOS 7.

              https://www.youtube.com/watch?v=zz_UotC0JR8 [youtube.com]
      • The smartphone isn't the weak link here - it's car manufacturer's "existing trusted system." I suspect it'll be much easier for a bad actor to trick the manufacturer into sending a key to their smartphone than it would be for them to walk into a dealership and convince them to make a copy of a key that isn't already in their possession.
        • The smartphone isn't the weak link here - it's car manufacturer's "existing trusted system." I suspect it'll be much easier for a bad actor to trick the manufacturer into sending a key to their smartphone than it would be for them to walk into a dealership and convince them to make a copy of a key that isn't already in their possession.

          Tesla's process requires you to send a copy of your registration and ID to get your vehicle associated with your Tesla account, which allows your phone to unlock and even drive the car without a key. The documentation is sent via email (assuming you're not buying from Tesla directly, in which case it would be easier), but I'm told they also validate the information against the public data from the state (at least in the US), so it seems reasonably good. The same paperwork would get a dealership to make a ke

      • It depends on what you actually have to do to unlock your car with your phone. An increasingly common way to steal cars that have radio keys relying solely on proximity, is a relay attack. One guy stays at the car with a relay device, the other walks around your house with a device sniffing for your car key. Once the key is found, the devices link up over radio to relay the handshake between your car and your key. The car opens and starts, and off they go.
      • Let's think about the security implications of unlocking/starting your car with your phone instead of the key. The key is probably just as vulnerable to theft since you have to have it on you, but has no authentication mechanism at all. No fingerprints, no passcodes, just having it unlocks and starts you car. So even if you disable authentication on your phone it's still no worse than the key.

        But I know that no malware is going to creep onto my key from the internet. If my phone gets hacked, they can exfiltrate the codes, or disable my access and hold me for ransom.

  • by grep -v '.*' * ( 780312 ) on Friday June 22, 2018 @05:09AM (#56827242)
    Oh, look! Another attack surface. I'm sure THIS one will be completely secure. I can go to sleep with relief that someone without a physical or key fob will be able to access my car without my knowledge.

    That if, if I manage to drink enough whisky. Maybe the self-driving car can pick up some for me. Hell, just add photo-recognition to it -- if it doesn't look like me or my wife trying to enter the car, just start it up and drive off. For bonus points get a picture of the perp. For EXTRA bonus points, make sure that same picture has the front tire of the car sitting on them. Or rear tire, I'm not picky, and there's already a camera back there anyway.
  • by stealth_finger ( 1809752 ) on Friday June 22, 2018 @05:15AM (#56827254)
    What was wrong with, you know, a key?
    • Re:What was wrong (Score:5, Insightful)

      by GuB-42 ( 2483988 ) on Friday June 22, 2018 @06:36AM (#56827406)

      The biggest issue is that that's something you need to have on you. Not having a key is one less thing to carry around.
      Second: a key is single factor authentication. Phones can be multi-factor (you need the phone and a password for instance). Keys are also difficult to revoke. If you lose the key, you need to physically change the lock in order to get a new bitting.
      Another advantage of phone-based authentication is that you can transmit a token remotely to someone else if you want to give him access to you car. Basically the equivalent of putting car keys in someone's mailbox, but you get to keep your own key, and you don't need to actually go put it in the mailbox.

      Saying "what's wrong with a key" is like saying "what's wrong with cash". There are many compelling arguments for cash over credit cards and the like, but cash isn't without issues.

      • The biggest issue is that that's something you need to have on you. Not having a key is one less thing to carry around. Second: a key is single factor authentication. Phones can be multi-factor (you need the phone and a password for instance). Keys are also difficult to revoke. If you lose the key, you need to physically change the lock in order to get a new bitting. Another advantage of phone-based authentication is that you can transmit a token remotely to someone else if you want to give him access to you car. Basically the equivalent of putting car keys in someone's mailbox, but you get to keep your own key, and you don't need to actually go put it in the mailbox.

        Saying "what's wrong with a key" is like saying "what's wrong with cash". There are many compelling arguments for cash over credit cards and the like, but cash isn't without issues.

        All those arguments can be made against the phone though? Cash or card is a choice, and as long as this is then that's ok.

      • The biggest issue is that that's something you need to have on you. Not having a key is one less thing to carry around.

        Damn man - that' a hellava first world problem. Not to mention just how much space does a key take up?

        As well, there is a really big flaw in a phone based system.

        Batteries. Now I don't abuse my batteries, but from gas station and convenience store displays of batteries to plug into your dead smartphone, and my experience with my son and his phone that is always on the verge of dying, and his girlfriends and now wife.....

        What exactly do you do when you want to get into your car, and you pull out a dead

        • by GuB-42 ( 2483988 )

          Damn man - that' a hellava first world problem. Not to mention just how much space does a key take up?

          Way too much. I just bought a new car and that key is bigger than all my other keys combined, ring included. It is at least twice bigger than the key of my previous car, which performed the same function, and wasn't especially small either. I understand a big car key can be seen as a status symbol but come on, it is an entry-level compact car, not something to show off with.. But that's an other subject... And yeah, definitely a first world problem but it goes well with cars with first world prices.

          Oh, one quick note.Many (most) modern car keys are two factor. You have the mechanical key, then there is a lot of stuff inside the key handle that the car senses. Merely copying the key won't work..

          That's n

        • Damn man - that' a hellava first world problem.

          And? We happen to live in the first world. I don't go hungry, I don't have a lack of clean drinking water, I'm secure in my life, so what? Give up? Never seek any further improvements?

          Speaking of first world problems, just how many 3rd world countries will be rolling out top of the line BMWs with fancy unlocking mechanisms from your iPhone X? Maybe we should stop developing all technology and luxury goods as they are all solutions to first world problems.

    • by b0bby ( 201198 )

      I agree that there's nothing wrong with a key. However I can see that this phone based system could be better than the "key fob, not really a key" that new cars seem to come with. The problem I've found is that since you just have to have the fob somewhere in the car, it's pretty easy for that fob to end up with the wrong person. So for example, my wife and I drove somewhere in two cars, then drove around for a while in the newer car. She ended up with the fob even though I was driving, and then almost took

      • Key fob batteries last months to years without replacement or recharge. Phones, not so much. Will there be a USB charging outlet or contactless charge pad outside the car to charge the fucking thing so you can get into your car at 2 a,m.? Imagine having to find a place to charge your phone in a dark parking lot in the rain. Give me a fob, or better yet, a good, old fashioned key with passive RFID authentication.
  • Sigh (Score:4, Interesting)

    by ledow ( 319597 ) on Friday June 22, 2018 @05:18AM (#56827256) Homepage

    - Doesn't solve any existing problem.

    - Creates new problems all of its very own.

    Not least "your battery runs flat, but you need to open it to jump-start it" (so either all the doors open, or you can't get into it at all), "I locked my phone in the car", "Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal", "Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k", "My phone got a virus and now anyone can open my car", "Previous owners of the car can just walk up to it with their phone to unlock it", etc. etc. etc.

    • Also creates jobs in a system where every human need is already addressed but the social model is "work work work work".

    • by AmiMoJo ( 196126 )

      "I locked my phone in the car"

      Presumably they prevent that in the same way that they prevent you locking the key in the car. I've done it a couple of times and the car just beeps to let me know the key is still inside.

      "Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal", "Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k", "My phone got a virus and now anyone can open my car"

      Proven to be groundless fears by many years of using NFC payment systems like Android Pay and Apple Pay.

      "Previous owners of the car can just walk up to it with their phone to unlock it"

      At least you can just unpair their phone from the car's screen, unlike if they keep the old key which requires expensive reprogramming.

      Not least "your battery runs flat, but you need to open it to jump-start it"

      You use the backup key. There is a slight loss of functionality here, in that you mig

      • "I locked my phone in the car"

        Presumably they prevent that in the same way that they prevent you locking the key in the car. I've done it a couple of times and the car just beeps to let me know the key is still inside.

        What if I want to lock my phone in the car? This might sound like heresy to the under 35 set, but some of us are not welded to our smartphones. There are times, like going to a restaurant, that the phone is off, or better, left in the car.

        You use the backup key..

        But you've seen the posts. Having to carry that yuge key is a major imposition.

        To me, the technology is okay except that it adds three problems two likely, and one less so:

        First - the dead smartphone battery. Common

        Next - Just adding a layer - So we had a key. Now

        • by AmiMoJo ( 196126 )

          There are times, like going to a restaurant, that the phone is off, or better, left in the car.

          My phone has both an "off" and a "mute" button.

          the dead smartphone battery

          Just add a USB port on teh OUTSIDE of the car. Then you can charge the car from USB as well!

          • USB port on the outside is a good idea for charging a phone. It can't pass enough power to charge a car battery at any good rate of speed, though.

            Also, imagine having to wait 5 minutes till your phone gets up and running when it's 40F, raining, and you're in a dark parking lot in a less-than-safe area. Give me a fuckin key or key fob that "just works" already!

    • by Scutter ( 18425 )

      and you can buy the kit to open any car for $20k

      I think I'll just use this rock I found lying by the side of the road instead.

    • Re: (Score:2, Insightful)

      by thegarbz ( 1787294 )

      Not least "your battery runs flat, but you need to open it to jump-start it"

      1. Err this is a solved problem and has been for pretty much every "keyless" car on the market. There's always a secondary means of entry available to owners.

      Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal

      2. Err this is a solved problem and has been since the dawn of encryption.

      Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k

      3. Err See #1

      My phone got a virus and now anyone can open my car

      4. Err See #1

      Previous owners of the car can just walk up to it with their phone to unlock it

      5. Err just like you can* access my Facebook account from my previous phone after a factory reset?
      *You can't.

      etc. etc. etc

      Oh no, please continue. I'm enjoying reading one nonsense statement after another.

      • Comment removed based on user account deletion
        • As I do not have a keyless car (I do not even have a car) could you please tell me what the solution is?

          Well the good news is that no-one has a keyless car. Which is kind of my point. Just because it looks keyless doesn't mean that manufacturers haven't taken your very scenarios into account since the dawn of the keyfob.

          If the technology is too difficult for you to manage, how about you carry the key.

          But in any case there sure as hell isn't some nightmare scenario where you need to get your car towed to some mythical garage that has some mythical $20000 piece of magic gear to get in your car.

      • >2. Err this is a solved problem and has been since the dawn of encryption.
        Solved yes - whether the solution is actually *used*, or even *known*, by the people rolling their own "super secure digital key" is a completely separate question.

        As for 3 and 4, I fail to see how #1 is relevant to either. Sure, there's other ways into the car, but any keyless entry system adds an additional attack surface, one that's notoriously hard to make secure from automated attacks even for groups of digital security expe

        • Solved yes - whether the solution is actually *used*

          So go steal a car. I mean pretty much every single car out there uses keyless entry already. FYI, yes it is used and keyless entry has been resistant to replay attacks since the damn 90s.

          As for 3 and 4, I fail to see how #1 is relevant to either.

          I fail to see how 3 is not identical to 1, but in any case I misread 4. But someone was able to directly link a car with the phone owner, compromise the specific device directly, and then use it to access the car? What else are we afraid of. Aliens! Aliens can remotely trigger my phone to unlock my car and then they can get

    • Re:Sigh (Score:4, Interesting)

      by Registered Coward v2 ( 447531 ) on Friday June 22, 2018 @06:51AM (#56827454)

      - Creates new problems all of its very own.

      Beyond your examples, it provides a way for phone manufacturers to know when you are operating a vehicle, under the assumption that the phone used to unlock and start is the drivers. Once they have that information, how will they use it? Turning off texting and other messaging apps would certainly help solve the problem of idiots who text and drive, but how else can that information be used? What other services will be disabled if the think you are driving? Siri already won't let me open the garage door when it thinks I am driving, even if I am in my own driveway.

      • Beyond your examples, it provides a way for phone manufacturers to know when you are operating a vehicle,

        If the manufacturer is monitoring every phone to the extent you suggest, they already know that, since they can safely assume you're not out for your morning jog at 70 mph....

        • Beyond your examples, it provides a way for phone manufacturers to know when you are operating a vehicle,

          If the manufacturer is monitoring every phone to the extent you suggest, they already know that, since they can safely assume you're not out for your morning jog at 70 mph....

          It's to so much the manufacturer collecting the data but now they have a positive trigger on the phone that can be used to allow other actions as part of a workflow. Some can be positive like disabling texting, NFC could also allow auto emergency calls if an accident is detected, etc. Is the information already available by inference since if the GPS sees you go at 15 MPH they can assume you are in a car; this just verifies who is most probably driving. On the negative side, it could trigger auto tracking f

          • Emergency call in case of accident isn't always positive -- with a single-car accident where the car is drivable, you might not want cops to be involved or your in$urance to go up.
      • Comment removed based on user account deletion
    • - Doesn't solve any existing problem.

      Really?

      Leaving my house requires me to carry three main things; a smartphone, my wallet, and keys. If a solution could eliminate the need for 33% of the tools necessary for survival in a modern world, I'd sure as shit call that problem solving. What are you forced to leave the house with every day? Any reason all locks in your life could not be converted to electronic? (don't pretend those shitty consumer-grade locks really protect you either, a $50 set of bump keys and an hours worth of learn-to-lockpi

      • Only one of those things is REQUIRED. The keys. You don't need your wallet to just go for a walk or jog. You could also carry money in a money clip. I go out without my phone fairly frequently. Again, not required, just sometimes useful.
    • by GuB-42 ( 2483988 )

      your battery runs flat, but you need to open it to jump-start it

      That's assuming there is no backup system, and that your battery really is flat, not just unable to start the engine. Jump starting modern cars is not recommended anyways, but thankfully, flat batteries are also becoming less common (better power management).

      I locked my phone in the car

      Not a new problem, you can lock your keys in the car too.

      Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal

      That's a long solved problem. All serious authentication systems use challenge-response techniques now and sniffing won't help you unless you break the underlying crypto.

      Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k

      Any locksmith can open you

    • by mjwx ( 966435 )

      - Doesn't solve any existing problem.

      - Creates new problems all of its very own.

      Not least "your battery runs flat, but you need to open it to jump-start it" (so either all the doors open, or you can't get into it at all), "I locked my phone in the car", "Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal", "Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k", "My phone got a virus and now anyone can open my car", "Previous owners of the car can just walk up to it with their phone to unlock it", etc. etc. etc.

      Yep, a solution to a problem no-one has.

      Beyond your points, there is no single standard for NFC... Hell, we cant even get the full standard for Bluetooth in every phone as manufacturers pick and choose what bits they want.

      Add to this in the UK, there has been a spate of car thefts that have used buttonless "proximity" keys to simply open the door. The key may not work for you more than 3ft away so people think they're safe until the criminals simply use a signal repeater, open the door and drive off w

    • Not least "your battery runs flat, but you need to open it to jump-start it" (so either all the doors open, or you can't get into it at all)

      This is a problem with lots of new cars, not really related to this digital key question.

      "I locked my phone in the car"

      As with RF key fobs, the car should refuse to lock unless the phone is outside the car.

      "Someone sniffed the NFC transaction from across the street- NFC is short-range-powered, but long-range-ordinary-radio-signal"

      A complete non-problem. Cryptography. Relay attacks are an issue, though.

      "Every garage has a way to open that car if the system should fail and you can buy the kit to open any car for $20k"

      That's already true.

      "My phone got a virus and now anyone can open my car"

      Your phone having a virus can't affect it in any way, since it's not the phone's main processor or OS that do the unlocking, it's a separate secure element.

      "Previous owners of the car can just walk up to it with their phone to unlock it"

      No, this is a huge advantage of digital keys. It will be trivial to invalidate previo

      • by ledow ( 319597 )

        Sigh.

        "This is a problem with lots of new cars"
        Yes. It doesn't solve it.

        "As with RF key fobs, the car should refuse to lock unless the phone is outside the car."
        Yes. It doesn't solve that. And RF range detecting the fob IN the car? That's dubious. Most cars that do this operate on the "you can't lock the door without the key in your hand" principle, not magically detecting that you left the key in the car and "not auto-locking"

        "A complete non-problem. Cryptography. Relay attacks are an issue, though."
        Co

  • by mentil ( 1748130 ) on Friday June 22, 2018 @05:48AM (#56827296)

    So now when my phone gets stolen/broken/lost/runs out of battery, I have no way to call for help OR to start my car. Bonus points if the phone charger is locked inside the car-that-won't-start. Extra bonus points if you don't carry any method of payment aside from mobile payment.

    • by idji ( 984038 )
      Isn't a physical key a single point of failure?
      • Isn't a physical key a single point of failure?

        In theory, yes.

        In actual practice, not so much.

        I'm pretty old and have never lost my car key.

        Or maybe I'm just more careful than the average idiot.

        • by N1AK ( 864906 )

          I'm pretty old and have never lost my car key. Or maybe I'm just more careful than the average idiot.

          It depends... are you regularly losing / breaking / running out of power, on your phone?

          • Doesn't have to happen regularly to be a problem. Can you honestly tell me that you've NEVER had your phone get lost, broken, or run out of power? I can honestly say I've never lost or broken a key on my keyring.

            • Previous phone? Ran out all the time. Current phone? Never. And I've never lost one or broken one.

              I honestly don't understand how people lose/break their phones all the time. Put a case on it, and keep it in your front pocket or purse/bag so you don't sit on it. It's really not that difficult. With water resistant phones becoming more common, even dropping one in the toilet isn't a death sentence anymore.

              With wireless charging now and far better power management, I don't run out of power. I just toss my pho

      • Well one typically has two, so there is always some means, albeit inconvenient, of regaining access. The upside is while it might be single point of failure, its typically a fails-safe design. Ive never seena factory recall because a car was allowing anyone with any key to access it. Failures happen. Its murphys law. Designing to fail in a safe position is engineering design crteria.

      • Comment removed based on user account deletion
    • Bonus bonus points if you bother following the saying "Don't put all your eggs in one basket."
      Dumbass.

  • Comment removed based on user account deletion
  • by sad_ ( 7868 )

    i'm sure it will be as secure as the keyless systems they have in place now.
    can't wait for my car to be stolen.

    • Just dont buy a Toyota Camry if it has the feature. I guess its the massive amount of these cars in existence, but its one of the most stolen cars. It doesnâ(TM)t draw as much attention if youâ(TM)re driving a stolen Camry then, letâ(TM)s say, a Corvette. If youâ(TM)re driving around in a stolen Corvette, and you look as though you donâ(TM)t have enough money to rub two nickels together, you are probably going to get stopped and questioned.

  • So... we live out in a rural area where there is no cell service. Does this work without access to the net?

    What if the net goes down as has happened? Everyone's locked out of their cars?

    Seems like a bad idea made worse.

    • So... we live out in a rural area where there is no cell service. Does this work without access to the net?

      Yes.

      What if the net goes down as has happened? Everyone's locked out of their cars?

      It doesn't require -- or even use -- Internet.

  • ...nobody ever loses their phone. Or sets it down at a restaurant. Or has it fall out of their pocket at a movie.
    • by N1AK ( 864906 )
      But keys are kept securely in pockets in all those same scenarios by voodoo magic?
      • More by unwieldy shape, and the fact that they tend to rapidly settle to the very bottom of any pocket or bag, and then remain there until used to open a lock. Unlike phones which tend to be removed every few minutes by many people, and then be re-inserted while sitting down so that they occupy a far more precarious position.

        (Whether people who use their phone at the movies deserve to be locked out of their car for their crimes is a separate issue)

  • Comment removed based on user account deletion
  • Model 3, unlocks when you walk up to it. The phone is the key. I can also lock or unlock the frunk, the trunk and the doors, start the A/C, honk and flash lights from anywhere in the world.
    • by crow ( 16139 )

      My thought exactly.

      This sounds like other manufacturers seeing what Tesla has done and deciding to do it themselves.

      From a technical standpoint, I believe Tesla relies on Bluetooth, not NFC, but I'm not clear on much that matters. Bluetooth probably does a better job of working without having to pull your phone out.

      I'm still waiting for Tesla to add this feature to the S and X lines.

  • The only "improvement" seen over a plain key so far has been wireless lock fobs (NOT fob/key things). Ford-style combinations would be nice if they had 10 buttons or longer codes. Concentrate on making better cars, not fiddlier gadgets.
    • Yep. Ford got that right in the 80s. My ideal (as I stated in another post) would be combination to get into the car, and combination + fingerprint to start and drive the car. All managed locally -- you should be able to add/remove profiles from the car itself without needing a manufacturer's service. Valet driving the car? No problem. Temporary code and their fingerprint is good for 5 starts.
  • Use a PIN keypad on the driver's door to get into the car. Ford/Lincoln had this in the 80s. Require PIN + fingerprint auth to actually drive the car. Store a hash of all data locally and allow for local management. Fingerprints should be able to be added for a certain amount of trips to allow valets or service people to drive.

    It shouldn't require a manufacturer's server as an intermediate -- manufacturers go out of business, stop supporting services, etc. I'd hate to own a 12 year old car (newest car

  • The article doesn't say anything about people who do not have and do not want a smartphone; is there an alternative? A physical key?
    Also, can this be totally disabled, so no one can wirelessly unlock your car?

In the future, you're going to get computers as prizes in breakfast cereals. You'll throw them out because your house will be littered with them.

Working...