Apparently someone thinks it is a good idea to require you to have your cellphone with you in order to start your car. When that is found to be easily broken (e.g. with a replay or DoS attack) I can only guess what else will be used as a key. Perhaps a special stuffed animal that will rest on the dashboard? Or maybe one of those cap tassels from graduation ceremonies? Might as well put the stuff to use.
Anyhow, I just thought I should mention that multiples of the same form of authentication do not necessarily reduce vulnerabilities. For example, “something you have” plus “something else you have” plus “something else you have” still just adds up to one-factor authentication — something you have.
Telematics Journal describes the system in question:
A new car security system that identifies car owners through the Bluetooth element of their mobile phones is set to revolutionize the fight against car thieves. Auto-txt immediately identifies a car as stolen if the car is started with the keys but the mobile phone is not present. This unique feature allows a Bluetooth enabled device, such as a phone or PDA, to authenticate the vehicle owner, providing an enhanced level of security.
I can barely get my Bluetooth headset to reliably connect to my phone, so I can’t imagine what happens when I need to start my car and Bluetooth connections are spotty, or the battery dies. And when will manufacturers stop hard-coding four-digit PIN authentication as 0000? Bluetooth security has been so poorly implemented, I have a hard time understanding why anyone would want to lower their auto security to the dismal level of cell phones.
The other part of the system seems to be some sort of sales spiel by Ford’s luxury division to provide assurance to prospective owners:
Auto-txt is the first stolen vehicle protection and tracking system to be awarded Thatcham’s Category 5 accreditation, the new insurance industry standard that is supported by the police. […] Auto-txt has been selected by Jaguar Cars and Land Rover to supply car tracking and security systems for all their vehicles from 2006. The systems, called Jaguar Watch and Land Rover Watch, will be available in the UK and across Europe. It is the first time the prestige car manufacturers will be offering a stolen vehicle tracking system in their own name.
Might be interesting to look into the formula for the Thatcham accreditation claim. In other words, is the plan for sales to go up x% due to an Auto-txt marketing blurb, or do they really believe that auto recovery (in a useable state) will be more effective?