when you wish upon a star - another "tech" area VW/Audi/Porsche aren't keeping up

Vercingetorix · Jun 7, 2024

daveo4EV said:
then use the key fob - and your cayman can still support phone as a key.

Porsche only has a certain amount of resources. Phone as a key is obviously where they choose not to devote resources. Suspension, better turbos, better driving experience seems to be where they do and that’s why I buy Porsches and not Teslas.

Vercingetorix · Jun 7, 2024

daveo4EV said:
put your phone in airplane mode but leave bluetooth on and it will still work as phone as a key and not interrupt your driving (Tesla leverages blutooth, so you can do airplane mode but leave blutooth on) - BMW/Rivian uses NFC technology so even in airplane mode your phone works as a FOB…

no interruptions while driving.

Or just leave it at home.

daveo4EV · Jun 7, 2024

Vercingetorix said:
Or just leave it at home.

no I like to communicate with people…

WasserGKuehlt · Jun 7, 2024

daveo4EV said:
I'd really really like the option of using my phone as a key…and it's in fact coming useful this weekend when I'm out of town for daughter's graduation, but borrowing a family member's Tesla's - they just delegated me access to their Model Y via the Tesla app - and I have full access to the vehicle - with no need to exchange physical keys/tokens…and voila I have a car for the weekend!

[...]

all the obvious "concerns" and FUD about this sort of feature have already been discussed in these threads - trust me this feature has no "new" pitfalls vs. existing solutions - and honestly it's way better than existing key-fobs/physical keys

With all the recent ~~nation-state~~..uh, media focus on security breaches, this paragraph just made me wince. I have no concerns that phone-as-a-key can/does work, but I can just imagine the human-years spent in discussing, threat-modeling, designing, implementing and pen-testing this feature. Or, you know, maybe they just "pass a user token and done".

Call me a Luddite, but I have no problem "delegating" a key fob; I'd have, though, dozens of pointed questions before delegating access to (anything) in an "app".

Side q: what do people with phone-based access do for "keychain jewelry"? My Porsche crest keyring would look awkward attached to my phone..

daveo4EV · Jun 7, 2024

WasserGKuehlt said:
With all the recent ~~nation-state~~..uh, media focus on security breaches, this paragraph just made me wince. I have no concerns that phone-as-a-key can/does work, but I can just imagine the human-years spent in discussing, threat-modeling, designing, implementing and pen-testing this feature. Or, you know, maybe they just "pass a user token and done".

Call me a Luddite, but I have no problem "delegating" a key fob; I'd have, though, dozens of pointed questions before delegating access to (anything) in an "app".

Side q: what do people with phone-based access do for "keychain jewelry"? My Porsche crest keyring would look awkward attached to my phone..

I'll humbly suggest blutooth and NFC with paired crypto keys and pin-based key exchange pairing is vastly more "secure" than any existing vehicle vendor key-FOB products

the jewelry issue is more substaintial concern and less easily addressed

I'm simply suggesting others are moving on and leaving VW/Audi/Porsche farther and farther behind - to date phone as a key-FOB implementations all offer it as an option "in addition" to traditional key-FOB - it's not required but is an option for your vehicle access…

it is one of the very very few things I miss from my Tesla ownership (and supercharging). Phone as a key-FOB is game changing for seamless vehicle access on a daily basis

Vercingetorix · Jun 7, 2024

daveo4EV said:
I'll humbly suggest blutooth and NFC with paired crypto keys and pin-based key exchange pairing is vastly more "secure" than any existing vehicle vendor key-FOB products

the jewelry issue is more substaintial concern and less easily addressed

I'm simply suggesting others are moving on and leaving VW/Audi/Porsche farther and farther behind - to date phone as a key-FOB implementations all offer it as an option "in addition" to traditional key-FOB - it's not required but is an option for your vehicle access…

it is one of the very very few things I miss from my Tesla ownership (and supercharging). Phone as a key-FOB is game changing for seamless vehicle access on a daily basis

And I will suggest that Porsche is leaving others behind in other areas. Choose your poison.

daveo4EV · Jun 7, 2024

Vercingetorix said:
And I will suggest that Porsche is leaving others behind in other areas. Choose your poison.

agreed- I'm ordering a Macan Ev and not the similarly priced BMW M60 iX - even though I know the BMW 'tech" is better…

but there may come a day where it "tips over"…that's all I'm saying.

WasserGKuehlt · Jun 7, 2024

daveo4EV said:
I'll humbly suggest blutooth and NFC with paired crypto keys and pin-based key exchange pairing is vastly more "secure" than any existing vehicle vendor key-FOB products

To be clear, I'm not worried about the strength of the comms or the pairing algorithm between phone and car. I'm far more worried, though, about the underlying identity management story: how are user creds protected, is there a live service involved in locking/unlocking (and if not how does auditing work), what is the revocation story, what about break-glass, can I discover my delegation graph, how do I know delegation is 1-level deep - and so on/forth. All of which are eminently solvable problems, mind, I'm just skeptical that the risk (of imperfect implementation) can possibly be worth the reward - for me.

pedroleumjelly · Jun 7, 2024

Guys there's nothing wrong with extra tech. You can always, like, you know, not use a phone key. I for one would love it.

whitex · Jun 7, 2024

@daveo4EV , even Tesla has not perfected the phone-as-key yet. I haven't used but, but my parents have a Model Y and use it. Unfortunately it's not bulletproof, so you still have to keep you keycard on you, which they've had to use on few occasions then it failed completely even though they had 2 phone-as-keys with them (lucky they followed the manual to keep the key-card with them as well, though opening/starting the car via the app over the internet might have worked too - but that only works if your phone and car have cellular data signal).

The issue with phone-as-key is the phone tech in the chain which the car manufacturer does not control. Every time Phone is updated, there is a chance something will screw up, or sometimes it's just aging of the phone installation. When one of my parents' iPhones started working very intermittently as a key, they asked Tesla tech for help - their solution, factory reset the phone. While early adopter who love to live on the edge probably don't mind factory re-setting up their devices to get new sparkly features, most people don't relish the idea. Check out the threads on Porsche park assist like this one, how it works for some people, doesn't for others, and yet resetting the phone fixes it for some but not all.

A car key needs to be reliable and "just work". Until there is a rock solid standard for phone-as-key, any manufacturer adding it will be dealing with phone-tech-in-the-chain issues. Tesla can iterate quickly, patch things way faster than Porsche, and even they are having reliability issues. Traditional auto makers are not equipped to deal with a fast changing landscape of phone OS'es and software to keep it integrated in their technology key-chain. I think this will follow the path of Bluetooth. I remember in the old days having so many issue pairing phones with different cars, it working intermittently, etc. Today the problem is mostly solved. Same will happen with phone-as-key, in a few years time. Today, you have to carry a backup key anyways, and for Porsche that would be the fob, so phone as key is very useful.

d00d · Jun 7, 2024

Even when the technology is available to Porsche, they have chosen not to use it in full.
CarPlay should be able to access the music library on my phone while driving, but unlike BMW decided to dumb it down (lawyers?) and grey it out, leaving a few recently added.
Voice control to find what I want is infuriating, as sometimes I don't know what I want to play until I see it.

laua · Jun 8, 2024

Additional alternatives such as a phonekey will of course be a convenience but I don’t think it is any more secure than typical key fobs.

https://arstechnica.com/cars/2024/0...-a-cheap-radio-hack-despite-new-keyless-tech/

daveo4EV · Jun 8, 2024

laua said:
Additional alternatives such as a phonekey will of course be a convenience but I don’t think it is any more secure than typical key fobs.

https://arstechnica.com/cars/2024/0...-a-cheap-radio-hack-despite-new-keyless-tech/

I agree - but this is very diffrerent that keyfobs - this is a relay attack which requires the original "FOB" (in this case the phone) to be available - they essentially amplify the signal between the car and the phone-FOB the trick the two into thinking they are closer to one another than they actually are.

After driving away (and presumably) leaving the original/secure phone-FOB behind the thieves will be stuck with a car that they can tear apart, but unless the original and secure phone is available to them they can not start the car again - bu they can tear it apart at their leisure to try and reset it to no longer belong to the owner…

NOTE: they MUST have access to the actual phone, and they cna not "clone" it and walk away with a copy - only the most recent key-FOB are immune/secure against cloning attacks - where thieves track you - copy your key-FOB signal when you use it - and steal it later with their "copy" of your FOB - many existing car manufacturers are shipping cloneable keyFOB's to this day on 2024/2025 vehicle models…

in this case the thieves did not "crack" the security of the phone - they NEED the original/secure phoen to steal the car - they tricked the vehicle into believing the phone was closer to the vehicle than it actually was…

the _ONLY_ practical solution to this problem (relay attack) is to store yoru phone/FOB in a radio "secure" box…

in the case of Phone-as-key Apple/BMW implmentation if you disable "passive" car key on your phone - the relay attack will not work because the phone is not transmitting it's signal unless it's unlocked, and the "wallet card" is active on yhoru screen…

one example of thieves amplifying a radio signal doesn't mean the phone as key is not secure - it means if you want passive access to a vehicle with out interaction (i.e. leave the phone "asleep" in your purse/pocket) then you're opening yourself up to a relay attack - but that's true of _ANY_ comfort-access/passive type vehicle access system - and you can disable that.

the large large large majority of key-FOB vehicle implementation are no where near as secure as Tesla's/BMW's existing phone support…but yes there still is the relay/amplify the signal appraoch - but unless the thieves have a plan for the vehicle after they drive away the first time they put it into park again - the car will be have to be physically attacked/torn apart (which might be their goal) but they aren't driving it again because they 've left the original phone key behind and where not able to clone it for future use.

security is tricky tricky business - and there are no silver bullets - and there are always trade offs…

turn off passive access - and then compare traditional FOB's to phone-as-key and you'll find phone-as-key is vastly superior.

whitex · Jun 8, 2024

laua said:
Additional alternatives such as a phonekey will of course be a convenience but I don’t think it is any more secure than typical key fobs.

https://arstechnica.com/cars/2024/0...-a-cheap-radio-hack-despite-new-keyless-tech/

I wonder why the phone needed to be essentially touching the phone. I think the hint may be in the comment that they not not just relaying, but also jamming (not sure if they are jamming UWB signals or perhaps GPS so phone cannot tell it's not next to the car?). I would like to see if they can pull off the same attack with the key being somewhere inside a house, while their relay/jammer is outside the house (typical relay attack for traditional fobs).

whitex · Jun 8, 2024

daveo4EV said:
in the case of Phone-as-key Apple/BMW implmentation if you disable "passive" car key on your phone - the relay attack will not work because the phone is not transmitting it's signal unless it's unlocked, and the "wallet card" is active on yhoru screen…

I am surprised Tesla did not implement a common sense solution (at least it seems like one to me) - disable phone as key after a period of time the phone is stationary. That time could be customizable, or instantly disabled when on a wireless charger outside of the car (allow people to disable this option if they carry a battery extender). This way if you're at home sleeping, your phone is on a charger or at least stationary, no relay attack can be pulled off.

when you wish upon a star - another "tech" area VW/Audi/Porsche aren't keeping up

Vercingetorix

Well-Known Member

Vercingetorix

Well-Known Member

daveo4EV

Well-Known Member

WasserGKuehlt

Well-Known Member

daveo4EV

Well-Known Member

Vercingetorix

Well-Known Member

daveo4EV

Well-Known Member

WasserGKuehlt

Well-Known Member

pedroleumjelly

Well-Known Member

whitex

Well-Known Member

d00d

Well-Known Member

laua

Well-Known Member

daveo4EV

Well-Known Member

whitex

Well-Known Member

whitex

Well-Known Member

Similar threads