- Apple wants to replace physical car keys with digital keys stored securely on the iPhone.
- Users will be able to unlock their cars through NFC and biometric authentication, but there will also be alternatives.
- User comfort always undermines security, but there’s a way to hit the ideal midpoint with the “CarKey.”
Apple’s announcement on the upcoming iOS 14 had many things to be excited about, and naturally, some flew under the radar. This doesn’t mean that people don’t care about these secondary features or that a large number of people haven’t been asking for them for a long time now. One of these features is the “CarKey,” which enables users to unlock their cars by using their iPhone devices. Sounds cool, and it is, but it’s coming with a whole set of limitations – and of course, security risks.
First, the number of supported car models is pretty small and limited to those that support digital keys. Apple mentioned the new BMW 5 Series that will be introduced to the market in the following months. The “CarKey” will work through the NFC (near field communications) sensor, and it could alternatively also use the new U1 ultra-wide-band chip for farther unlocking distances. To unlock the car, the user will have to authenticate on a biometric level, using Face ID or Touch ID. To cover all practical scenarios, Apple is also offering the possibility to share access with others via iMessage so that that family members can share cars. The users may also set up “Express Mode” and skip biometric authentication. In this case, all they would have to do would be to hold the iPhone close to the door handle of the car.
This raises many concerns about security holes – not as much with the system itself, but how people are going to use it. Most people are opting for comfort above all else, and comfort always eats up security. If a large number of users activate the “Express Mode,” someone could steal one or even more cars (one device can hold the keys to multiple vehicles) by simply bringing the device in proximity to the car. “CarKey” is deploying the Car Connectivity Consortium’s (CCC) Digital Key Release 2.0 specification, so it is based on a well-thought-out and safe system theoretically.
Already, carmakers like Volvo have been offering similar services, but storing the keys in an app is not the same as storing them in a secure location on the device’s chip. BMW, Honda, General Motors, Volkswagen, Hyundai, and Samsung have all expressed their interest in implementing the CCC systems to store digital keys in a standardized way. So, could this spell the end of today’s bulky car keys? Possibly, but you should use the offered tech with care and respect to the risks that come with it.