New video shows Amazon Key getting hacked and raises smart lock security fears

Another week, another claimed vulnerability

Amazon Key door lock hacked again
The Ambient is reader-powered. If you click through using links on the site, we may earn an affiliate commission. Learn more

You’d never believe that Amazon Key, the service that enables Amazon delivery drivers to unlock your door and put your parcels inside, could actually be a security risk – but a new hack as shown that the system has a couple of flaws.

A video posted on Twitter shows a hacker unlocking the Amazon Key protected door, using a special device. The man, who is only known as 'MG', says that he wouldn’t reveal the details as to let the technique be "abused in the wild”.

Essential reading: The best smart locks

The video shows the attacker setting up what he calls a 'Dropbox' and concealing the device near the door. When a delivery takes place, this device – a Raspberry Pi – intercepts the app and lock communicating. When the attacker returns, he opens the door and removes the device, an the video seems to show that he now has complete control of the lock.

For the uninitiated, Amazon Key is a service launched by the company last year for Prime services. It’s a combination of a smart lock and security camera, which enables an Amazon delivery driver to open and relock your door after dropping off your package. You can watch on the camera, and the smart locks are supplied by Kwikset.

There have been multiple reports of hacks since the service went live, with some exploiting vulnerabilities around the camera and Wi-Fi network. Amazon has responded each time, and in this case it released a detailed statement to Forbes, which claimed that the hack was only possible theoretically – and not in real world situations.

"The security features built into the delivery application technology used for in-home delivery are not being used in the demonstration,” Kristen Kish, Amazon spokesperson, told Forbes.

Amazon claims the demonstration shows a vulnerability between the customer version of the app and the door, not the delivery driver's, which it claims has an added layer of security. Of course, that’s still a sizeable vulnerability, and Amazon says it’s working on a fix. Amazon also pointed out that there are many layers of added security, including the driver checking that the door is locked before they leave.

As smart locks become more prevalent, this kind of flaw has to be stamped out. Consumer trust can’t be built with these kinds of flaws seemingly being found on a weekly basis.

TAGGED    amazon alexa

Related stories

amazon alexa Apple Music with Alexa: How to play tunes on your Amazon Echo or Fire TV
amazon alexa How to create and edit music playlists with Amazon Alexa
amazon alexa Alexa and Spotify: How to connect Spotify to your Echo speakers
amazon alexa How to reset your Amazon Echo: What to do if your Alexa device is unresponsive
amazon alexa Type with Alexa makes you and your assistant texting buddies
smart home What is Amazon Sidewalk? (And why did you get that email?)