With CarPlay, heavy investment in autonomous technologies and a membership to the Car
Connectivity Consortium, it is no secret that Apple still has its sights on the automotive industry - although a recent discovery in a software update suggests the Cupertino company is looking to significantly increase its foothold.
In the developer beta for iOS 13.4, an API for ‘CarKey’ was found.
CarKey is an NFC-enabled digital car key for the iPhone and Apple Watch that
can lock, unlock and start a car. Other features include an Express Mode that
would allow the car to be unlocked even when the device is fully discharged and
without Face ID authentication. Apple's Wallet app will facilitate the pairing
process, while the setup procedure will be
handled by each OEM's companion app. Furthermore, through Wallet or a PIN code, CarKey
can be shared with friends and family and added to Apple Watch.
Currently, as a digital key, the iPhone is only compatible with
Tesla models via Bluetooth Low Energy (BLE), but with CarKey, it will become
compatible with cars that use Near-Field Communications (NFC). This flexible
compatibility could make CarKey one of the first digital key platforms to work across a
range of cars, further building on the increasing number of 'touch' use cases that allow smartphones to be used for payments, train tickets, flight boarding passes etc.
Over the past year, SBD Automotive has tested smartphone key systems for vehicles that use BLE and NFC, including the Tesla Model 3 (BLE), Mercedes-Benz A-Class and S-Class, and the BMW X5 (all NFC).
SBD found that an important differentiator between BLE and NFC systems was security,
stemming from the connectivity range of each system - Tesla’s BLE being
around 100m, and BMW’s NFC around 10cm. The Tesla’s larger range made it
susceptible to relay attacks if the key is left nearby. The
shorter range of the BMW’s connection makes it more secure, as the signals only appear briefly and, as a result, are harder to intercept.
One of NFC’s setbacks was its inconvenience, with the user having to
hold their phone next to the door handle to lock or unlock the car. On the
other hand, Tesla allows users to keep their phones in their pockets while the
BLE connection passively unlocks the car with its longer range.
Another potential security concern for CarKey users may come from its
key-sharing feature. However, when testing a similar feature on the BMW, SBD
found that it has good security measures in place. For instance, when the main
digital key is deactivated, all shared keys were deactivated and when
re-activating a digital key, a registered key fob had to be in the cabin. While
SBD found evidence that the phone used in the tests stored digital key software
after deactivation, Apple's singular control over its devices may allow it to implement measures to ensure such information is
either encrypted or deleted from CarKey.
is always a trade-off between security and convenience, and smartphone key technology
is no exception. As vehicle smartphone key systems become more widely
available, OEMs need to look carefully at who they are comfortable partnering
with, which features they want to provide ...and the risks involved.