Related News
More and more car manufacturers are integrating Bluetooth technology into their keys, which allows users to open the car simply by approaching it, or using a compatible mobile, a feature that OPPOs are premiering.
The possibility of opening the car using your mobile is already underway in some brands, which we will see more frequently.
And it is that, the passive detection of car control is a very comfortable method of opening its doors, but only recently was exposed to a vulnerability caused precisely by your Bluetooth connection.
Passive remote sensing means you don’t need keys
the Bluetooth LE (low efficiency) It offers manufacturers the possibility of being able to unlock the doors of the car by simply approaching it with the command, activating the unlocking mechanism.
This method not quite sure since it was possible to circumvent the security of this protocol to open a car, more precisely a Tesla.
Traditional controls operate using radio waves, and these are not affected. However, these new controllers use Bluetooth LE, which originally it was not designed for security mechanisms precisely because of its possible vulnerabilities.
Bluetooth LE, the cause of the problem
In this method, unlocking is done by proximity, and NCC Group has developed a tool that would attack Bluetooth LE broadcasts low efficiency thanks to a laptop connected to an antenna.
It would only have to connect between the user and the car to be able to carry out this attack, and It would also work if the car is opened by mobile, as long as the Bluetooth LE method is used.
The cybersecurity group claimed that this vulnerability cannot be solved by software updates, For this reason, they considered this technology deprecated beyond areas such as health or entertainment.
Two-factor authentication could be the solution
To be safe from this problem in command security with passive Bluetooth detection, a good solution can be set two-step verification in the manufacturer app for smartphones.
At the moment Tesla is one of the few companies to allow this, but it is expected that in the near future the door is open for more and more manufacturers Android phones can be used as an unlock device.
A message verification method would mean that to open the car you would need to have your smartphone handy in addition to the remote control, and a notification would be sent to allow the opening of the car.
After all, two-step verification is an unlocking method that can increase the security of your online accounts and your car.
UWB keys will help improve security
Samsung Pass is already used with banking apps for its security
ultra high speed connection It could also be a possible solution to open the car from the mobile, and brands like Samsung are already taking advantage of this technology, although for now only in Korea and only in some top of the range.
Some brands like BMW, Audi, Ford or Hyundai with on the Genesis series are already supported, and this list of cars should grow over time.
To open the car, a digital key would be stored in a secure app, in this case Samsung pass. On approach with this key saved in the secure application, the car only opened when the door was activated with the mobile nearby.
You can even temporarily lend this key to another person you want to leave the car with at any given time, even deciding how long this key will be active.
You may be interested
Follow the topics that interest you
Table of Contents
