New Digital Car Keys May Bring Security Risks

Tap your phone to start

Key Takeaways

  • A growing number of manufacturers are offering digital car keys.
  • Samsung is adding support to its phones for digital car keys with the all-electric Genesis GV60.
  • Cybersecurity experts say that digital keys are vulnerable to hacking.
Samsung digital car key

Samsung

Car keys are going digital, but they may not be entirely secure, experts say. 

Samsung is adding support to their phones for digital car keys with the all-electric Genesis GV60. A growing number of manufacturers are launching digital car keys, but there are risks attached. 

"One of the biggest vulnerabilities is key cloning," cybersecurity expert Scott Schober told Lifewire in an email interview. "Cybercriminals can exploit an encryption flaw using a simple RFID transmitter. This allows them to copy the signal that is produced by the key fobs, which criminals could then use to unlock the target victim’s car."

Convenience is Key

Samsung Galaxy users will be able to use their smartphone as a digital car key, powered by NFC and ultra-wideband (UWB) technology. The company says you’ll be able to lock and unlock your car securely with your smartphone and even safely share the key with friends and family. 

Samsung’s digital key is powered by advanced UWB technology, a short-range, wireless communication protocol that uses radio waves to operate, much like Bluetooth and Wi-Fi. However, UWB transmits radio waves at a much higher frequency, enabling highly accurate spatial awareness and directional capabilities that allow mobile devices to understand their surroundings better.

person using mobile app device on smartphone to unlock the doors of her car in a car park

d3sign / Getty Images

Other manufacturers are working on digital car keys, as well. Google said recently in a blog post that some Pixel and Samsung Galaxy smartphones would be able to use a digital key feature to lock, unlock, and even start a vehicle from the phone. Apple allows you to add car keys to the iOS Wallet app, use your iPhone or Apple Watch to unlock and start your car, and share your car key with other people.

Samsung claims security was foremost in the design of its new keys. The key uses Samsung’s embedded Secure Element (eSE) to protect sensitive information and encryption keys. The UWB technology is also designed to stop potential relay attacks, where the radio signal is jammed or intercepted.

No Such Thing as Unhackable?

But data privacy lawyer Odia Kagan told Lifewire in an email that preventing car hacks is a tough challenge. 

"As the saying goes, where there is a will, there's a way," Kagan said. "With new connected cars, there is both a will and a way. Will—because they are a treasure trove of information; not only information about the car itself and its whereabouts, which could be used to manipulate the car, but also about the person driving or riding [in] it (which could be used to locate them, learn things about their location, schedule, preferences)."

"One of the biggest vulnerabilities is key cloning."

Attackers can also use cars to get at information stored on the user’s phone, Kagan said. "This is ripe ground for a lot of players including hackers, and nation-states. Connected cars are essentially a type of internet of things (IoT) device and are prone to the same vulnerabilities as IoT devices, just with the stakes being much higher."

With digital car keys, vulnerabilities in the code or hardware could be exploited to gain access, cybersecurity expert Jon Clay told Lifewire in an email interview.  The key uses RFID, which could be compromised to clone the key itself.  

women using smartphone to unlock car

sinology / Getty Images

"The obvious motivation here is to steal the car if the criminal is able to clone or copy the key itself and use it," he said. "In fact, car thieves are already doing signal capture-relay-replay attacks against wireless car key fobs."

Clay recommends users keep digital car keys in a metal-lined pouch that doesn’t allow signal capture attacks. You should also turn off keyless entry on the key when not in use and use a steering wheel lock. 

Schober has a more unusual suggestion to protect your digital key.

"Throw your key fob in the freezer, as it acts as a Faraday cage preventing any wireless communications," he said.

Was this page helpful?