New video shows Amazon Key getting hacked and raises smart lock security fears

Another week, another claimed vulnerability

Amazon Key door lock hacked again
The Ambient is reader-powered. If you click through using links on the site, we may earn an affiliate commission. Learn more

You’d never believe that Amazon Key, the service that enables Amazon delivery drivers to unlock your door and put your parcels inside, could actually be a security risk – but a new hack as shown that the system has a couple of flaws.

A video posted on Twitter shows a hacker unlocking the Amazon Key protected door, using a special device. The man, who is only known as 'MG', says that he wouldn’t reveal the details as to let the technique be "abused in the wild”.

Essential reading: The best smart locks

The video shows the attacker setting up what he calls a 'Dropbox' and concealing the device near the door. When a delivery takes place, this device – a Raspberry Pi – intercepts the app and lock communicating. When the attacker returns, he opens the door and removes the device, an the video seems to show that he now has complete control of the lock.

For the uninitiated, Amazon Key is a service launched by the company last year for Prime services. It’s a combination of a smart lock and security camera, which enables an Amazon delivery driver to open and relock your door after dropping off your package. You can watch on the camera, and the smart locks are supplied by Kwikset.

There have been multiple reports of hacks since the service went live, with some exploiting vulnerabilities around the camera and Wi-Fi network. Amazon has responded each time, and in this case it released a detailed statement to Forbes, which claimed that the hack was only possible theoretically – and not in real world situations.

"The security features built into the delivery application technology used for in-home delivery are not being used in the demonstration,” Kristen Kish, Amazon spokesperson, told Forbes.

Amazon claims the demonstration shows a vulnerability between the customer version of the app and the door, not the delivery driver's, which it claims has an added layer of security. Of course, that’s still a sizeable vulnerability, and Amazon says it’s working on a fix. Amazon also pointed out that there are many layers of added security, including the driver checking that the door is locked before they leave.

As smart locks become more prevalent, this kind of flaw has to be stamped out. Consumer trust can’t be built with these kinds of flaws seemingly being found on a weekly basis.

TAGGED    amazon alexa

Related stories

amazon alexa How to play podcasts on Alexa with your Amazon Echo
amazon alexa The best Alexa speakers: Smart speakers with Amazon's Alexa built-in
amazon alexa Samsung's 6th-gen Family Hub Fridge wants Alexa to chill out
amazon alexa Amazon Alexa v Google Assistant: Pitting the voices against each other
amazon alexa The best Alexa compatible devices to work with your smart home
amazon alexa Verizon's smart display has Alexa baked in and 4G connectivity