Update: Amazon has responded to claims that the security of its Amazon Key smart lock system can be compromised. Speaking specifically of the steps Amazon takes to protect a customer, an Amazon spokesperson said:
"The delivery driver must complete all steps of the in-home delivery on her/his handheld system to move to the next delivery, including physically checking to ensure that the door is locked.
"During a delivery, the customer can see time stamps regarding how long the door is open and Amazon receives an alert if the door is unlocked for more than several minutes. In the extremely rare case Amazon is unable to lock the door after a delivery, we immediately call the customer."
The original story continues below.
There's no denying that it's an annoyance to miss a delivery – especially one that's been fast tracked by the premium Amazon Prime service you've paid for. But it'd be a whole lot more annoying if a desire for a speedy delivery led to your home being robbed instead.
That's what's alleged to be a potential hazard of using one of the new Amazon Key security systems. To avoid missed deliveries, the web-connected smart lock gives delivery workers temporary access to your property, allowing them to leave your parcel safely indoors without you being present. An included Wi-Fi camera acts as a deterrent for any light-fingered delivery person who may want to make off with your personal items.
However, the integrity of the security system has been called into question by a hacker who has shown that it's possible to manipulate the system so as to give anyone access to an Amazon Key-protected property.
Open-sesame
I call this the "Break & Enter dropbox" and it pairs well with my Amazon Key (smartlock & smartcam combo). It's all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn't. pic.twitter.com/35krz46KabFebruary 4, 2018
A hacker known online as "MG" posted the above clip, showing the Amazon Key's security protocols being overriden in a controlled situation.
Though MG is withholding the details of how his hack works until Amazon has had an opportunity to address the issue, the video shows the Amazon Key's lock potentially remaining open even when a delivery driver's access allowance has expired.
It appears to take advantage of what's called a "dropbox" – a mobile computer with Wi-Fi connectivity, which can control the key, either finding a way to prevent it from re-locking itself, or simply unlocking it itself.
