The world is becoming more and more digital. An indispensable part of our daily life: smartphones and tablets. As a matter of course, we almost constantly use our mobile companions to google something, make contactless payments or switch on the light in the living room. The flood of apps that are added every day in the App or Google Play Store is almost endless. In the wide world of the stores, there are also mobile applications with which vehicles can be locked and unlocked via cell phone. Such digital key apps are extremely popular not only with many drivers, but especially with hackers. As a result, it is important to take appropriate measures right from the start of the app development to protect the practical digital car key from being accessed by third parties.
Due to the corona pandemic, businesses are increasingly calling for contactless payments. In the course of this, many have already switched to mobile payment and pull out their cell phone or smartwatch at the checkout to settle the bill. What we know from the financial sector has meanwhile also found its way into the automotive sector: the digital car key is enjoying increasing popularity. With the appropriate installed app, future-proof cars can easily be opened and closed again using a smartphone. This offers a pleasant comfort.
However, some automobile owners do not have trust in such modern technology as there is a lot of media coverage of vehicles that have been hacked remotely. To solve such concerns, it is essential that manufacturers adequately protect their digital key apps. This is the only way to guarantee customers security when using the technology. Maximum and sustainable protection should already play a central role in the planning and early implementation phase. Thereby, many of those responsible do not have on their radar that there are multi-layered security frameworks that make the work much easier.
Integrate framework – lock out hackers
A Software Development Kit (SDK) like our Trusted Application Kit (T.A.K) holds a collection of security features that every app needs. Developers of a mobile car key app can integrate the SDK without much effort and in a short time. This ensures that the secret keys in the mobile app are not accessible to unauthorized persons using cryptographic technology. Due to the secure storage of the keys in the smartphone, there is the additional advantage that no network signal is required to access the car. Even if it was parked in an underground garage where the connection is insufficient, the vehicle can be opened without any problems. Furthermore, the integration of our T.A.K allows several people to access the digital key without compromising security.
To ensure that hackers have no chance of accessing the mobile car key, the SDK is made available to developers and providers as a library with code obfuscation, which makes decryption much more difficult. In addition, the app protection uses a secure communication channel between the client and the cloud and provides each app, including the digital car key, with its own secure communication channel. The secure communication channel to the server prevents data traffic analysis (network sniffing). Therefore, the T.A.K should be integrated into the app at the beginning of the development so that it can respond directly to threats later during execution. The integrated Trusted Application Kit can, for example, detect whether the mobile car key is being executed on an original device or a rooted device. Beyond that, the digital car key can be declared inactive via the T.A.K cloud.
Advantages for the users
- They can use the digital car key unhesitating and benefit from everyday convenience without worrying about the security risks.
Advantages for the automotive industry
- The T.A.K increases the security of many operating system versions and thus achieves high market coverage/many customers.
- They strengthen trust in the brand and the technology.
- It is possible to satisfy the desire of many car owners for security when using such promising technologies.
- The car owner’s belongings are protected.
- There are lower costs to develop the technology in an all-around secure way.
- The app can be launched more quickly because the kit integrates all the essential security aspects required for In-App Protection.
- Reputational damage can be avoided.