Ford Keyless Entry for Passwords

Security and convenience are always at odds with each other. It seems that there is an inverse relationship between the two. A classic example of this would be writing your password on a sticky note and sticking it on your monitor. While it is very convenient to have your password on your monitor, it is also very insecure. This is a relationship that, as security professionals, we must understand.

I recently read a news story about Ford (yes, the car company) and their attempt to get into the app making business. Keyfree entry for cars is nothing new, but Ford is trying to replicate this technology with website accounts. All you need to make it work are the Ford application and a Bluetooth enabled cellphone. Ford France has a noisy little demo video so you can see the concept. Basically the app uses Bluetooth to check the proximity of your phone to your computer and logs into your accounts like Facebook or Google automatically. If you move your phone away from your computer, the application logs you out of your web accounts.

As a person who loves technology I am very excited about this, because of the increased convenience this application brings. Think about never having to type your passwords again (well, as the video says, you do have to type them “one last time” when you register them with the app on your smartphone). This is one I am definitely keeping my eye on.

However, as a security professional, I cringe a little when I know how easy it is to collect and then use information that is broadcast by wireless devices. How difficult would it be to spoof the Bluetooth information that the phone broadcasts? My paranoia tells me that I should be wary of using apps like these, because, when something seems too good to be true, in most cases, it is.