Vehicles can now be unlocked and started through direct communications
between a smartphone and the vehicle, which should make life easier for an owner
and simplify the introduction of car share services. But, while this may be
seen as convenient for the user, is it really secure?
SBD Automotive assessed the two main communication technologies used for smartphone key systems, BLE and NFC. The systems were assessed using a USA
specification Tesla Model 3, two UK specification Mercedes-Benz A-Class
vehicles and a German specification Mercedes-Benz S-Class.
When originally testing the Mercedes-Benz Digital Vehicle Key system on the
latest A-Class, it was not possible for SBD, or ‘Mercedes me’ Technical Services, to
register and connect any smartphone to the Digital Vehicle Key system (SBD
attempted to connect a number of smartphone models to two different A-Class
vehicles). In June 2019, SBD managed to source a German-specification Mercedes-Benz
S-Class fitted with the Digital Vehicle Key system and
successfully connected a Samsung Galaxy S10 smartphone to the car, allowing the full system testing to be completed.
There is always a trade off
between security and convenience for vehicle access systems – typically if OEMs make a system more secure, it becomes
less convenient, and vice versa. SBD has seen the same trade off with the 2
systems assessed in this report:
It was very easy to set up
the BLE system on most Bluetooth enabled smartphones, and using it for entry and to start the vehicle was as easy as a conventional keyfob, while also offering a
wide range of additional functions, such as remote lock, unlock and start, self
However, there are a number of security weaknesses caused by the way the system has been implemented, including excessive operating range and having a fixed MAC address for the BLE system,
which allows easy signal interception.
It was extremely difficult to
set up the NFC system. SBD tried several Mercedes vehicles and a variety of
smartphones before finally succeeding to register a phone as a key for a vehicle with this feature.
The functionality of the NFC system is much less convenient than a conventional
keyfob (or the BLE system on the Tesla), as it only operates on the drivers door, the user needs to hold the smartphone close to the door handle and only one
phone can be registered to the vehicle at any time. However, the short
range communication profile of NFC does make the system more secure, as the
communication signals are less likely to be intercepted.
Car makers believe there is
consumer demand for more connected services, and the ability for a driver to
operate the vehicle using their smartphone will further integrate the vehicle
into their digital lifestyle. It will also allow easier sharing of their
car with family and friends, although the current Mercedes NFC system only
allows one smartphone to be registered as a key at any one time. In the
medium-to-long term, it will enable car sharing and mobility services, and
support the emerging use case for parcel delivery to your vehicle.
While both systems tested are being offered as additional methods for a driver to access their
vehicle, in the future car makers may want to replace the conventional
vehicle key altogether with a smartphone. Current UNECE Type Approval legislation means that
all vehicles must be sold with a conventional key, though the legislation is
being amended to allow vehicles to be sold without one from
However, there is no
legislation or guidelines regarding the implementation of using a smartphone as
a vehicle key, so we are seeing some generic functionality that may cause
issues going forward. For example, neither BLE or NFC allow emergency
access to the vehicle if the vehicle battery fails. For both of the
vehicles tested by SBD, it is possible for an active smartphone/smart key to
be locked in the vehicle, and remain active, with no alert to the driver. If a
thief were to break in, this would present an opportunity for them to easily drive
the vehicle away. It will be interesting to see how thieves exploit this
functionality in the future as car sharing and mobility become more