Is the Amazon Key a step too far in the Internet of Things (IoT)?

The Internet of Things (IoT) is becoming more ingrained in our lives, with Siri and Alexa always on hand to answer questions, play music and book taxis. Many of us can control our home heating and lighting wherever we are. Our fridge even tells us when we’re running low on milk – which is a dream for tea enthusiasts like myself (Yorkshire Gold – thank me later).

It’s likely you’re also familiar with Amazon’s Prime service, where you can have items delivered within 24 hours. If you’re really impatient (or that desperate for a cuppa at 10pm), you can sign up to Amazon Prime Now and have it with you in under 2 hours.

A bugbear for many people is that there was no upfront guarantee of delivery time. Would you be at home or work? Should you put your home or office address? Amazon Lockers were a huge step in solving this problem; simply have your helpful Amazon delivery driver pop it in a locker in a location convenient to you, and you could pick it up before or after work, or even on your lunch break.

It seems that this wasn’t enough for Amazon, or perhaps some of its demanding customers. The upcoming Amazon Key service takes deliveries to the next level. Amazon will be able to unlock your front door to deliver your parcel.

Immediate reactions to this news have, naturally, been about the physical security risks this poses; a total stranger with access to your home isn’t exactly a comforting thought…

The Amazon Key service is actually a great example of IoT devices using data to remotely execute actions, and it’s part of a bundle. You have the pleasure of paying $249 – roughly £188 – to allow strangers to enter your home. You get a smart lock (so don’t worry, you don’t have to leave your key under a doormat), which can be installed by Amazon. You also get the Cloud Cam; an integral part of ensuring this process is secure…or as secure as it can be.

This is how the process should work: you order your Amazon items and choose in-home delivery. Once your courier arrives at your door, they scan the barcode on your package, which is then sent to Amazon to verify the request. If the request is approved, your door is unlocked and your Cloud Cam begins recording. Amazon insists that the delivery person, where possible, will not enter your home, and will instead place the package in your doorway before immediately closing the door and locking it via their app. But it’s done little to ease consumer fears

To give customers a little extra peace of mind, they get real-time alerts on the progress of their package. Once the request to enter your home has been accepted, you can watch a live feed of your package getting delivered. You also have the ability to watch the footage back at any time, and the Cloud Cam can be used for general home security. Only Amazon Logistics couriers can use this currently, although it may expand to third-party couriers.

Amazon is infiltrating our homes at a remarkable rate; the Amazon Echo is now a household name, with an estimated 6 million already sold. Amazon took this to another (potentially creepy) level with the Echo Look, a smart camera intended to style you, that many are convinced will watch you get dressed.

For the technophiles amongst us, the potential invasion to our privacy is a small price to pay for a life completely optimised by technology. Last year, much ado was made of the fact that home assistants – notably Amazon’s Alexa – record and save all audio when they’re enabled. This is primarily for the purpose of improving your virtual assistants’ machine learning, to help it better understand accents, dialects and requests. But there’s still the murky detail about what happens to the recordings.

There’s also a risk of hacking; perhaps Amazon listening in on you isn’t dangerous, but outside sources could be. Your recordings saved by the likes of Alexa and Google Home are encrypted, which significantly reduces the risk of them falling into the wrong hands. However, the Amazon Key might not be quite as secure.

Two security researchers were able to hack a number of Bluetooth-enabled smart locks at last year’s DEF CON; out of the locks that were tested, 75% were found to have insufficient Bluetooth Low Energy (BLE) security. Amazon is tight-lipped on the security used by the Amazon Key, although we know it involves some level of encryption and the Zigbee wireless protocol. However, it’s reasonable to assume that there may be vulnerabilities, especially with such a high-risk service. Could we see hackers become the ultimate criminals by hacking into your front door lock to burgle your house? Amazon’s smart locks are produced by Yale and Kwikset and while the latter couldn’t be hacked electronically, a Kwikset smart lock has successfully been defeated by a flathead screwdriver.

Amazon has made it clear that the smart lock isn’t only intended for the safe (ahem) delivery of your Amazon parcels. You’ll be able to integrate it with its Amazon Home & Business Services, granting access to cleaners and dog-walkers. You can even create temporary passwords to let in trusted personnel like friends or family. This might make the eye-watering price of $249 easier to accept; the package can be used for general security and a number of other services and purposes. Because let’s face it, forking out nearly £200 for in-home delivery is a lot.

Still, you can count me out. I’m happy enough with getting my package delivered to an Amazon Locker, thank you very much. There’s no date for the Amazon Key coming to the UK, but I won’t lose any sleep over that.