The Volkswagen Group recognised that with ever more digital and software-based components in vehicles, keeping its customers’ experience smooth and secure was crucial. As consumers are used to managing their lives on their smart devices, smartphone-based virtual car keys were the logical next step.
Security must be married with accessibility if consumers are to trust in this technology. Importantly, it is about more than just securing the virtual car key on the handset – access rights need to be securely shared across devices when sold, hired, lent or jointly owned. For this reason, VW is working to enable its customers to use their smartphones to access their vehicles and to securely share their car keys via a smartphone app.
To make this a reality, the company had to protect its smartphone app from hacking and malware. In addition, to enable the secure transfer of keys, it also needed to ensure that sensitive information and key transfer requests were securely displayed to, and approved by, real users and not some malware simulating a user input.
VW chose Trustonic Application Protection (TAP) to enable its virtual car keys to be securely shared between smartphones. It is working with Trustonic to leverage the Trustonic Secured Platform and Trusted Execution Environment (TEE), with the addition of Trusted User Interface (TUI) technology. Importantly, the TEE is embedded in more than 50% of Android smartphones that are shipping, a figure that is rising year-on-year.
The TEE, the hardware-secured operating system (OS), is completely isolated from the device OS (for example, Android), making it, and trusted applications residing in it, well protected from software threats on the device. Trustonic claims to be the only ‘open’ TEE technology that can be accessed by app developers after devices have been shipped so it can provide hardware-grade protection for apps, enabling service providers such as VW to deliver experiences that are simpler, richer and faster, because they are more secure.
Sharing virtual car keys in a trusted way
By protecting the virtual key application using TAP, VW can make use of the security capabilities in modern smartphones. The application uses the TUI service to securely display information to the user and to ensure that only the authenticated user of the device can confirm the key transfer. Once confirmed, the app uses the hardware-secured environment, known as the TEE, to protect the user’s data. The TUI ensures that hackers and malware cannot simulate the user confirmation needed to share a key by mimicking a press on the touchscreen or by key-logging.
VW now has a solution that is trustworthy for all stakeholders and opens up new possibilities for its customers. Ben Cade, CEO, Trustonic, commented, “The benefits offered by car connectivity are exciting, but the ramifications of hacking, including the possibility of vehicle theft, are serious. This is why we have been working to embed our hardware into as many smartphones as possible.
“The presence of the TEE opens up a range of opportunities for service providers such as VW to secure their applications. With a single software development kit, developers can isolate their apps from threats and choose from a toolbox of security services to protect their data, customers and brands across all mobile phones.”