Amazon Key customers beware: A security researcher has discovered a hack that hinders Amazon Key’s ability to lock, allowing anyone to get into a Key-enabled home.
According to Tom’s Guide, the Bay Area researcher, identified simply as MG, posted a proof-of-concept video on Twitter on Sunday.
"I'm withholding details until Amazon has a chance to fix this," MG said. "Don't want this being abused in the wild."
Amazon Prime customers can utilize Amazon Key, which allows the eCommerce giant to remotely unlock a home's front door to leave an Amazon delivery. The customer can watch the entire delivery unfold via Amazon's Cloud Cam security camera. The compatible smart locks are made by Kwikset and Yale. The package with camera and smart lock, including free installation, costs $250.
This isn’t the first time the system has been hacked. Last November, it was discovered that Cloud Cam could be manipulated by a simple program running from a computer that is within Wi-Fi range of the camera. The software could disable and freeze the camera, so a viewer would only see a closed door even if the door was open, enabling a dishonest delivery person to rob the home. Amazon fixed that flaw with a software patch.
Still, MG wasn’t impressed with the company's response to the security issue. "Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn't," he said on Twitter. "It's all current software."
This latest news surely won’t boost Amazon Key’s popularity with customers. A SurveyMonkey poll last year found that about 58 percent of Amazon Prime customers would definitely not buy Amazon Key – only slightly less than the 61 percent of all U.S. adults who wouldn’t buy the product. Among Prime subscribers, only 5 percent said they would definitely buy Amazon Key, while only 4 percent of all U.S. shoppers said they would.