Apple iPhone, Samsung owners: Unlocking your car by phone just moved step closer

Apple and Samsung are part of group working on a standard to ensure Digital Key will be reliable and unhackable.
Written by Liam Tung, Contributing Writer

A new specification is being developed with the aim of letting car owners unlock and lock their vehicles using a smartphone.

The Car Connectivity Consortium (CCC), which counts Apple and Samsung as members, has published the Digital Key Release 1.0 Specification, offering a first look at a standardized way of using a smartphone to lock and unlock any vehicle, start its engine, and share access to the car.

CCC is looking to use existing technologies such as Bluetooth and NFC as part of the Digital Key standard.

The specification outlines a number of use cases, such as how a smartphone would unlock or lock the vehicle, for example, when it is in close proximity, by placing it near a sensor, or by opening an app.

SEE: Tech and the future of transportation (ZDNet special report) | Download the report as a PDF (TechRepublic)

To use the key, the specification suggests authentication could be required either via passcodes or a phone's biometric readers.

The specification also discusses key provisioning and revocation, pointing to potential applications for car-sharing businesses and car-rental agencies, which would be able to give customers a Digital Key on their phone that expires after the rental period is completed.

"This mechanism works agnostic of the brand of the car or the smart device, so that the rental agency is the single contact point for the customer," it notes.

This technology could also come in handy when buying a secondhand car, with the system allowing the new owner to simply revoke all previously provisioned keys.

The specification doesn't go into specifics about how the keys will need to be protected, but it does say whatever mechanism it uses it will need to prevent unauthorized copying, modification and deletion of existing keys.

It will also need to prevent unauthorized provisioning, and factor in software attackers, physical attacks, and attacks on communications between the device and vehicle.

Presumably, Digital Keys for the car will face similar security challenges to today's various smart locks, as seen in Pen Test Partner's hack on a Bluetooth-enabled smart padlock this week.

According to CCC, the Digital Key project is using "the expertise of the automakers and handset vendors contributing to development of an entire Digital Key ecosystem while addressing the concerns of reliability and security".

SEE: The new commute: How driverless cars, hyperloop, and drones will change our travel plans (TechRepublic cover story) | download the PDF version

Digital Key Release 2.0, scheduled for release in Q1 2019, will outline a standardized authentication protocol between the vehicle and smart device.

CCC's board includes representatives from General Motors, Volkswagen, Daimler, RealVNC, HTC, PSA, Honda, LG Electronics, Hyundai, Alpine, Toyota, Panasonic, and Samsung.

CCC's charter member companies include Apple, Audi, BMW, General Motors, Hyundai, LG Electronics, Panasonic, Samsung, and Volkswagen. Core members include Alps Electric, Continental Automotive, Denso, Gemalto, NXP, and Qualcomm.

As Audi notes in the announcement, it already offers customers a Digital Key service and suggests it will play a lead role in the standard.

"By standardizing a Digital Key solution that complies with our security standards we lay the building blocks for innovative services on a broad basis," said Ulf Warschat, head of Body Electronics at Audi.

BMW is also keen on Release 2.0. "Leveraging all benefits of Release 2.0 will enable a scalable solution, interoperable with all smart devices and vehicles delivering a superior user experience to our customers," said Alexander Maier, BMW AG.

Previous and related coverage

VW-Audi security: Multiple infotainment flaws could give attackers remote access

Some VW and Audi models are vulnerable to remote hacking over Wi-Fi and cellular networks.

Why the connected car is one of this generation's biggest security risks

High-profile hacks have led many to question the growing connectedness of today's automobiles. The risks are real, but the response is currently more talk than action.

The dashboard is due for disruption

There are lots of reasons why your car's infotainment systems don't work like a smartphone. But that is finally about to change.

Pro time saver: Amazon Key can deliver packages to your car in office parking lot (TechRepublic)

The service is available for newer model Chevrolet, Buick, GMC, Cadillac and Volvo cars.

Apple Battles With Android-Centric MirrorLink For Control Of Connected Car

There are two cross-vendor efforts to defragment the car computer space and appify your automobile. With the outcome uncertain, developers remain in limbo.

Raspberry Pi goes Android Auto: Now you can build your own cheap car head unit

Why buy a finished Android Auto head unit when you can hack one together with a Raspberry Pi 3?

Every car infotainment system available in 2018 (CNET)

Your guide to the touchscreens, connectivity options and other infotainment tech features in every new model.

How secure is your car? Unpatchable flaw lets attackers disable safety features

A vehicle hack can disable safety features on most modern cars by posing as a faulty electronic component.

Editorial standards