Amazon Key IMO is a bad idea. The fact that it is based on IOT makes it worse. The very concept of you give someone access to your house with no other controls…there’s a camera to watch them but a camera will not stop anyone from doing anything else..jsut record the video of them doing it. now a security vulnerability has been found in the “smart lock” that powers this “service”. Malwarebytes does not mention the obvious problems with the entire concept(the non-technical issues)…It’s IOT/cloud based…what could possibly be wrong with this? Keep in mind that most smart keys do not ever get updated after they leave the factory….so the security problems they present will never get fixed.
Just one week after Amazon unveiled Amazon Key, a concept that would enable couriers to let themselves in to people’s homes in order to make deliveries, security specialists have warned of security flaws that could enable rogue couriers to clean out people’s homes instead.
Amazon Key uses a smart lock from Yale or Kwikset, plus an Amazon Cloud Cam security camera. Couriers can enter the property after scanning a barcode, which is checked against Amazon’s own records in the cloud to make sure that they’re in the right place at the right time.
The camera also records the delivery, providing reassurance that the courier will only leave a package behind and not have a nose around people’s houses.
However, security researchers claim to have been able to hack and freeze the Cloud Cam using a computer (or, the researchers point out, a handheld device built using a Raspberry Pi) within WiFi range.
A rogue courier could make a delivery and leave the property as normal, but disable the system before the door is re-locked. The frozen camera would not show them returning to the house, and it is up to them to relock the door.