Awesome Stuff: Smartphone Proximity Locks For Your Car

from the a-little-different dept

For this week's awesome stuff, we're trying out a slightly different format. Instead of gathering three new crowdfunded products, we're going to focus on just one and take a slightly closer look at its progress and prospects. Please let us know in the comments if you like this approach, or if you prefer the old format.

This week, we're looking at Loxet: a smartphone-controlled proximity lock for your car.

The Loxet is a device that installs in any car with a central locking system and, along with an accompanying iOS or Android app, allows you to lock and unlock the doors and control ignition access with your proximity to the car. It also bills itself as an advanced sharing system, allowing you to grant time-limited access to the car to other people.

The Good

For one thing, it's new. There are already plenty of proximity locks on the market, but they generally require a specialized fob on your keychain; there are already smartphone-controlled locks too, but they operate by button-press. Loxet appears to be the first smartphone-controlled proximity lock, or at least the first one that works with both iOS and Android (they make this latter claim on the Kickstarter page). The price also looks good — though all the super-cheap early bird deals are sold out, the standard Kickstarter price of $69 is still below the price of existing non-smartphone proximity lock systems, which tend to sit in the $80-200 range.

The Bad

The way Loxet operates seems like it might come with some inherent issues. The device uses Bluetooth Low Energy, and in order to achieve full proximity operation on both iOS and Android, they have to use apps that repeatedly scan for connected Bluetooth devices at a time interval you set. To realize the full hands-off, out-of-mind potential of the system, that time interval will have to be pretty short — and I suspect it will have a noticeable impact on your phone's battery life and performance, though just how noticeable remains to be seen. For the time being, there aren't any obvious alternatives to this approach, at least not without sacrificing some capabilities.

The Questionable

With any wireless locking system, there's always one big question: is it secure? The last thing we need is someone whipping up an app to hack into people's cars via Bluetooth. Loxet would surely claim, in good faith I don't doubt, that the system is secure — but I'd like to see them call in some independent security audits and put the software in the hands of some white hat hackers before telling people it's ready to keep their cars safe. In fact, there's actually a disturbing lack of security information and discussion on the Kickstarter page, especially for an app that claims it will allow car-sharing via e-mail, SMS and QR code. With just under a month left in the campaign, this is the biggest thing the Loxet team needs to address.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    orbitalinsertion (profile), 18 Apr 2015 @ 6:51pm

    Why would i want my car to unlock every time my phone is in proximity?

    What if someone get my phone?

    For one thing, it's new. There are already plenty of proximity locks on the market, but they generally require a specialized fob on your keychain; there are already smartphone-controlled locks too, but they operate by button-press.


    When I was a kid, we actually had to put a key in a lock and turn it. Uphill. Both ways. In fifty feet of snow.

    reply to this | link to this | view in chronology ]

  • icon
    Todd Shore (profile), 18 Apr 2015 @ 10:07pm

    With a signal repeater you can bridge the distance between phone and car so that "proximity" is several hundred feet and security protocols don't need to be broken if transmission delay isn't computed.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Apr 2015 @ 12:45pm

      Re:

      A good question is does the system use full crypto to identify authorized users or does it use something that someone else can copy from your phone and use it to unlock the door and simply repeat back to the car to impersonate your phone.

      reply to this | link to this | view in chronology ]

      • icon
        MrTroy (profile), 19 Apr 2015 @ 9:43pm

        Re: Re:

        Maybe I lack imagination, but there isn't really any way to prevent something from being copied from your phone and used on their phone to open your car. At best, the phone's IMEI would be part of the key, which would require an attacker to need to spoof your phone's IMEI as well as stealing the key file.

        Even the car sharing seems like an easier problem to solve than the key copying.

        reply to this | link to this | view in chronology ]

        • icon
          John Fenderson (profile), 20 Apr 2015 @ 7:57am

          Re: Re: Re:

          True, but there are numerous methods for handling the use case where an unlock code is exposed at the moment that it's used (rolling codes, etc.).

          That's not to say this product does anything like that, though. Personally, I wouldn't trust a product like this without knowing a lot more abut its implementation.

          reply to this | link to this | view in chronology ]

      • icon
        aldestrawk (profile), 20 Apr 2015 @ 7:32am

        Re: Re:

        What you are describing is a replay attack. The transponders used for locking/unlocking the car and for vehicle immobilizers already use encryption in a way to defeat a replay attack. The technique of using a repeater, or relay, device is different from a replay attack. With keyless entry, you don't have to have physical possession of the key to initiate the cryptographic handshaking. The key can sit in your house while the thief uses the relay device to fool the car into thinking the key is close by. The relay device just transmits the entire cryptographic handshake in both directions. Unless, there is a way to distinguish actual proximity from the use of a relay device, this same problem will exist for the smartphone + application.

        reply to this | link to this | view in chronology ]

        • icon
          pixelpusher220 (profile), 20 Apr 2015 @ 7:40am

          Re: Re: Re:

          Exactly. Perhaps comparing the GPS locations of the car and of the phone may help.

          Or in the simplest case, are the 'relay' devices 1 way or 2 way? Having a back and forth handshake would at least require 2 way communication...or have something that requires a some delay that allows your phone to notify you and give you the option to say 'no' before it unlocks itself (and of course alert you that hey someone is unlocking your car!).

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 20 Apr 2015 @ 8:50am

    I don't understand the point of this. My last few cars have all been keyless entry to the point where you simple touch the door handle and it unlocks. And there is a small button on the handle you hit to lock as you walk away. The keys never come out of your pocket. Even cheap cars are starting to have these features. I guess maybe I'm not the target user, but this seems dumb.

    ps: I like the old format of three ideas better than this one in depth.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 20 Apr 2015 @ 8:55am

      Re:

      There are lots of cars on the market that don't have keyless entry systems. The target market would be the owners of those. I have to admit that personally, I have yet to own a car that has this ability -- but that's because I intentionally avoid buying new cars, and the majority of the used cars around lack this.

      reply to this | link to this | view in chronology ]

  • identicon
    Anup Kayastha, 21 Apr 2015 @ 5:41am

    This is really awesome!

    reply to this | link to this | view in chronology ]

  • identicon
    Emil, 6 Jun 2015 @ 5:29am

    loxet save ? or not

    I have seen the loxet layout of there PCB and it´s only a low energy module without any protection against unwanted connections or intruders. I however use the BTCAR of a brazilian company, BT Segurança, that has a buildin processor witch allow or disallow the liberation of the vehicle perfectly. It´s not the module that dessides if your car is able to be used but the proccesor with analizes the mobile phone qnd it´s ID before liberating your vehicle. Good security, if not the best. we are trying to brake it for some while but it is dificult. The casing is not so beautifull but it Works like a charme and is not build to pen doors , we have Keys and remotes for this. it keeps your car save by turning of the motor or imobilize your car. Perfect.

    reply to this | link to this | view in chronology ]

  • identicon
    solidworks, 2 Aug 2015 @ 8:39pm

    Re

    Thank you.
    It's awesome.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.