Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google Log In with Steam Sign In
  • Create Account

Amazon Key unlocked: why Amazon wants to get its foot in your front door

  • Please log in to reply
No replies to this topic

OFFLINE   sincity


    Advanced Member

  • Members
  • PipPipPipPip
  • 2557 posts
Getting Better

Would you let a stranger into your house while you're out just to drop off a package? Amazon thinks you will if the tech is right, and is launching Amazon Key on November 8 in 37 cities in the US. 

However, the service – which will allows couriers to open your front door and drop-off a package – is less about your convenience, and more about Amazon’s ultimate ambition; it wants to own the smart home future. But is it safe?  

We'll break down what we know about the service and how it's going to work, and then talk to some security experts to see what they make of Amazon Key.

Users will be able to live-stream video of couriers dropping-off a package. Credit: Amazon

How does Amazon Key work?  

Available at no extra cost to Amazon Prime members, Amazon Key is a unique 'in-home' delivery service built on what Amazon calls 'secure home access'. The tech involved is the smart home personified; to use Amazon Key, you'll need to install both a digital keyless lock and an Amazon Cloud Cam. (Both of which, Amazon is selling together in a bundle for $249.) 

Next comes a layer of digital admin; you can track the delivery, get real-time notifications, actually watch a live feed on your phone from the Amazon Cloud Cam of the delivery happening or watch a video later after it's complete. 

So the access code to your home is given to a random courier? Well, not quite. 

When a delivery driver requests access to your home, Amazon verifies that the correct driver is at the correct address at the agreed time, and engages in encrypted authentication (thus checking the identity of the courier, and sending a message in a way that cannot be hacked). That process kickstarts Amazon Cloud Cam, which starts recording just before the door is unlocked. 

Is there a security risk?  

Amazon Key is being marketed as making online ordering ultra-convenient, but some think it could be a security risk waiting to happen. 

“In theory, the new delivery service launched by Amazon sounds great for consumers – missed deliveries must be one of the biggest gripes among the generation that likes to buy everything online," says Lee Munson, security researcher for Comparitech.com.

“In reality, it sounds like it may be a classic case of convenience trumping security. Staff-vetting isn’t totally fool-proof, smart locks can malfunction, and the majority of smart home products should come with a warning on the box, because many manufacturers appear to prioritise sales over security." 

It might look like Amazon is thinking about its customers with Amazon Key, but there's a lot more to this new service than pain-free deliveries; this is part of a battle for the future based on largely unproven tech.

Amazon already offers WiFi-connected Dash Buttons. Credit: Amazon

Could the system be hacked? 

Are keyless door locks safe from hackers? “At this point we really have no idea how secure this system is, although frankly Amazon has a pretty good track record," says Geoff Webb, vice president, product marketing and solutions strategy at software company Micro Focus. "It's unlikely that they would be offering a product like that without giving it a lot of due diligence in security." 

That's surely true, but even if we 100% trust in Amazon, its latest service could still prove to be unsecure. "It's not how Amazon will use the information, but how hackers could potentially exploit it," says Adam Maskatiya, UK and Eire General Manager at cyber security company Kaspersky Lab. "What makes the issue particularly dangerous is its potential reach – if a hacker can access the database of door codes, they can gain entry to a whole street’s worth of homes." After all, hacks against Internet of Things (IoT) devices are on the rise. 

"If a hacker can access the database of door codes, they can gain entry to a whole streetís worth of homes."

Adam Maskatiya, Kaspersky Lab

"As we’ve seen in recent high-profile cyberattacks, one lucky hit by the attacker is enough to bring down the entire operation and cause reputational damages," says Matt Walmsley, EMEA Director at threat detection company Vectra, whose latest blog details how to make a webcam into a backdoor. That way, burglars could see if you were home, and even see that there's a tasty new Amazon delivery to steal. 

Of course, Amazon will have robust precautions to secure Amazon Cloud Cam and the keyless door locks, but cyber risks will remain. Your front door could become a backdoor into your smart home system. 

Amazon plans to vet its couriers. Credit: Amazon

Prime suspects 

The technology Amazon Key will rely on is not 100% safe, but let's get real; the bigger threat is people. "We already know that digital locks are susceptible to hacking, but in the immediate future I don't foresee your average burglar going around trying to hack digital locks," says Vince Warrington, director of information security company Protective Intelligence. After all, the average burglar won’t have a clue how to hack your keyless lock. 

No, the main risk in the system lies with the authorised delivery driver. 

"I can see either opportunistic theft occurring, or criminal gangs infiltrating the system by getting their own people approved as delivery drivers, or through bribing the approved drivers themselves," says Warrington. 

Those risks will increase when Amazon expands the service – as it plans to – to give 'secure home access' to dog walkers, cleaners, plumbers and decorators. Is Amazon Key's multi-factor authentication process enough?

"It may provide robust access control, but once they're in the building, the homeowner is relying on a trust model, with no way to exercise control."

Matt Walmsley, EMEA Director at Vectra

"It may provide robust access control, but once they're in the building, the homeowner is relying on a trust model, with no way to exercise control," says Walmsley. 

If Amazon plans to vet its couriers so fully, why is the Amazon Cloud Cam required? It appears to be an attempt to use tech to persuade us. 

As with the Echo, Key is about the smart home future. Credit: Amazon

Why is Amazon launching this service?  

It's also very easy to be cynical about why Amazon Key is being launched. 

Exclusive to Prime members, it's an attempt – like Amazon Prime Instant Video  – to persuade as many people as possible to pay a monthly fee for the privilege of faster deliveries. (Prime members currently pay $10.99/ £7.99 / AU$5.99 per month.) 

Then there's the cost of the Amazon Key In-Home Kit, which includes an Amazon Cloud Cam and a compatible smart lock from Yale or Kwikset. The price for both starts at $249.99, which does include free professional installation. So the initial set-up costs go straight into Amazon's coffers, too. 

However, neither is the main reason why Amazon Key has been created; this is about the future of shopping. 

"It’s a strategy to create subscriber engagement, spend, and loyalty for Amazon’s services and ecosystem," says Walmsley. "As the home automation market continues to grow at rapid speed, new innovations and digital access control systems will become readily available for consumers. Amazon is seeking to take advantage of the intersection of home automation and innovative online shopping services." 

Is Amazon Key a case of convenience trumping security? Credit: Amazon

Owning the smart home future 

This is literally about Amazon getting its foot in your door. “What you see here is Amazon continuing to drive the conversation and set the technology agenda in the escalating land-grab that is the connected smart home," says Webb. "The real prize here isn’t your front door, it’s the whole house." 

Amazon isn't the only one, of course; Google is also making a play to be your home's central hub with devices such as the Google Home and Google WiFi, with Apple HomePod up next. The battle to be the go-to next-gen smart home ecosystem provider has begun. 

It goes even deeper than that. “The implications for the smart home go far beyond the consumer world," says Webb, who explains that global businesses understand that knowledge workers want to seamlessly blend office, car, and home so they can access information at any time, and from anywhere. 

"The company that sets the standard for smart homes also becomes highly relevant for technology-dependent companies who want to tie together the office and the home, securely and simply. Ten years from now, that’s going to be pretty much every successful business on the planet."

Amazon doesn't care about your front door. What it wants is to build, and control, the ecosystem of the smart home and businesses coming in the 2020s. Amazon wants to own the future.  

Pet owners will struggle with the concept of Amazon Key. Credit: Amazon

Will customers trust Amazon enough for this service to work?  

Amazon Key may turn out fine, with no security problems, but copycat services from other retailers – using less secure hardware – will likely mean the 'secure home access' market will prove controversial. As it should, according to some. 

"Until Amazon can prove that this delivery service works well, without anyone being burgled, via independent commentary, I do not believe the majority of people will be interested in such a risky proposition," says Munson. "If I’m wrong in that assessment, then the government, schools and security industry has a heap load of work to do on security training and awareness.” 

What Munson is saying is that the Internet of Things is not safe, but there's another, less talked about problem with Amazon Key that pretty much kills it dead for a huge number of homes: pets. 

Just under half of all homes in the US and the UK have either a dog or a cat, and the thought of them escaping because a stranger opens the door will be horrifying. It may have little to do with the smart home, but for those millions of households, the Amazon Hub locker remains a much more palatable idea.  

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users