This gadget can unlock any car: a marvel or the next best horror story?


An all-in-one car key on your smartphone has been unveiled at CES 2025. It will definitely save you from losing your car keys, but will it prevent you from losing your vehicle?

Keyvault, a tech company founded in 2021, promises to revolutionize how we connect to our vehicles. Its gadget, named K1 and unveiled at CES 2025 in Las Vegas, fits in a hand and is capable of turning any smartphone into an all-in-one car key.

Toyota, Tesla, Subaru – no matter what you drive, the $519 gadget, which early birds can pre-order for $379, is compatible with any vehicle sold in the US since 2008.

ADVERTISEMENT

Using the Keyvault app, drivers can also monitor who drives their car, fuel levels, engine health, and location. Developers point out that parents can share keys with their teenagers and track their driving habits via the app, while car rental businesses can take advantage of the simplified digital key sharing and tracking. "We're not just replacing car keys – we're rethinking how drivers connect with their cars," says Artem Kiyaschenko, CEO of Keyvault.

"The K1 gives you control, convenience, and security like never before. It's a small device with a big impact, turning any car into a smart vehicle."

Keyless cars – a security nightmare?

Since 2022, along with the increasing usage of keyless technology to unlock vehicles, there has also been a surge in keyless car theft. Thieves have been finetuning their car-hijacking tactics to exploit keyless systems and steal cars from car owners' front doors in seconds.

To prevent this, Keyvault promises the ultimate security for its users. Ultra-wideband (UWB) technology for precise signal tracking, multi-factor authentication (MFA), and “military-grade encryption” should protect car owners from potential misuse and theft. However, several security risks remain, putting the vehicle at risk. “Despite the use of UWB technology, sophisticated attackers could potentially carry out a relay attack,” said Cybernews researcher Neringa Macijauskaite.

Konstancija Gasaityte profile Paulius Grinkevicius vilius Ernestas Naprys
Don’t miss our latest stories on Google News

“This involves using devices to capture and relay the communication signal between the Keyvault and the car, thereby unlocking the car without authorization.”

Another weak point is that the technology relies on software – the Keyvault app. The app could potentially contain vulnerabilities and provide multiple attack vectors for threat actors.

ADVERTISEMENT

While regular updates and audits reduce such risk, it also highly depends on user behavior, especially if updates are not applied automatically. Losing the device with the Keyvault app also adds to the risk, as attackers might attempt to extract Keyvault-related data.

“Other risks include the potential for Keyvault's servers to be breached, which could allow attackers to access sensitive user data or even control vehicles remotely. Social engineering attacks are another concern, where criminals might pose as Keyvault support to trick users into providing their credentials,” said Macijauskaite.