Skip to main content

Amazon Key and Security Hypocrisy

People who work in security, particularly in computer security, get a bad reputation for paranoia and for always saying no. Some of those reasons are deserved, and some aren't. Security people tend to be more aware than most of the people around them of the potential consequences of omitting some security controls. They also tend to be more aware of how often security problems cause bigger problems like lost money, lost customer information, etc.

But, the accusations against security people are also often true. Security people do have a paranoid streak. Sometimes, they get so caught up in what could go wrong that they neglect the advantages if things go right. "This could cost us a million dollars!" is a concern, but if it's something that will make billions of dollars, that might just be okay.

To deal with this conflict, most organizations have come to rely on some sort of threat modeling. I've talked about it before, but in a nutshell, you think about ways that things could go wrong, and then you think about the likelihood and impact of those things. It's the model that shows you whether the concern is likely or trivial. It's the model that shows you whether to carry on or step away.

Today, The Amazon Key was released, and this article about it was all over social media with security people making shocked, knee-jerk reactions. Obviously, this was a terrible thing that no right-minded person would ever consider. Obviously, Amazon was creating a massive legal and liability problem for themselves. Obviously, no good could come of this. 

And, obviously, nobody was thinking about the threat model. It was precisely the sort of pure knee-jerk paranoia that gives security people their bad reputation.

What is the Amazon Key? It's a combination of home security camera (that you aim at your front door from inside the house) and internet-connected door lock. You can use it to remotely let people into your house, whether those people are friends, maids, dog walkers, or Amazon delivery people. It was that last one that had people particularly worked up: "What if the delivery person steals stuff? What if they're a vampire ax murderer?"

So, let's think about this more carefully. How does the system work after it's set up?
  1. You tell Amazon to allow a specific person or a service provider (Amazon, Merry Maids, etc.) to use Amazon Key to unlock your door.
  2. When the person you've allowed shows up at your house, they use their phone to send an unlock request to Amazon.
  3. If you've allowed it, Amazon turns on the security camera and sends an unlock request to your lock.
  4. When the person leaves, they tell the system that they've left, and the door locks.

What are some scenarios where this system might be useful? What are the advantages? Here are a few that I can think of:
  1. Busy people in questionable neighborhoods or apartment buildings. (Basically, the scenario in the Amazon introductory video.) I've lived in apartment buildings where packages tended to disappear while I was at work. I would absolutely trust a random delivery guy more than I trusted my shifty neighbors.
  2. People who can't get to the door quickly. I know a few people who can't navigate stairs very well. They always miss packages, even when they're at home, because they just can't get to the door in time. There are also people who work odd hours (night shifts, etc.) who don't want to be woken up or, if they're woken, they'd rather not get out of bed.
  3. People on vacation, or people with vacation or rental homes (including airbnb). If you're not nearby, it could be really handy to let people in remotely. It would also be nice if there was a way to not leave packages on the porch for days until you returned.
What could go wrong? There are a bunch of specific scenarios, but they fall into one of these groups:
  1. Abuse: The person who you allowed into your home could mis-use their access by stealing something or harming you.
  2. Mistakes: The person who you allowed into your home might not close the door properly when they leave, allowing someone else into your home to do bad things.
  3. Technical problems: What if the door won't close properly? What if the network goes down in the middle of the process? 
  4. Hacking: This is all hooked up to the internet. A random bad guy could discover a way to send an "unlock the door" and/or "disable the camera" message to the system.

What's the likelihood? Are there compensating controls? Let's think about those scenarios again.
  1. Abuse: You have access logs and video of the person coming and going. That doesn't mean that a bad person couldn't do something bad, but with name and video, it would be an open and shut case. Amazon could make it even more secure by requiring background check information in requests or by requiring organizations that have access (maids, delivery services, etc.) to be insured or bonded for this kind of situation.
  2. Mistakes: Again, you have logs and live video. What we don't know is exactly how the person leaving and the door locking is validated. Can you lock the door without closing it? Is there a timeout after which an alarm sounds (5 minutes for a package, 4 hours for maid service, etc.)? Humans are prone to making mistakes, so you need an idiot-resistant system. We don't have that information yet, but we know that you can get a notification and watch the camera.
  3. Technical problems: What happens if the lock fails? What happens if it's an older door that doesn't close well when it's wet or cold? What happens if the power fails or the network goes down halfway through the lock process? There are a lot of pieces involved, and it's not clear how fail-safe the system is.
  4. Hacking: Amazon is big and their focus is on shopping and on internet-connected servers. While that's no guarantee, they're one of the few companies out there who's likely to put a lot of thought into security. Actually, my guess would be that when network-based flaws are found, they're found with the APIs that are made by other companies like Kwikset or Yale. No system is hack-proof, but I'm guessing that breaking in via one of these systems is trickier than you'd think.

So, are there ways to use this safely? Yes. You'd want to do the following, though:
  1. Have a "dumb" deadbolt that you can lock. If you're not expecting packages, just lock the deadbolt, and you won't have to worry about any of the smartlock failure modes.
  2. Have a way to detect and deal with problems. A timeout notification would help ("Your door has been open for 5 minutes since your package was delivered!"). If you're on vacation or have a rental home, it might be worth making arrangements with a neighbor to check on things if you call. It might even make sense for Amazon to offer a "trusted neighbor" feature where neighbors are notified when certain things happen.
  3. Ask Amazon to talk about failure modes. What happens if the power fails or the network goes down? What happens if the delivery person fails to lock the door properly when they leave?
All in all, it's not something that I need, but I can imagine situations where it would be really useful. For some people, this is a product that would absolutely be worth the trade-offs. Immediately writing it off as a terrible idea is short-sighted.

Comments

Post a Comment

Popular posts from this blog

The Virus By the Numbers

I'm writing this because there's some really insane stuff that's being said by people who should really know better, and I'm sick of discussing it one post or email at a time. So, this is my One Big Post that I'll point people toward rather than bringing it up again and again. In case you haven't noticed, we're in the middle of a pandemic. Just so that we're all using the same terminology:  The virus is Severe acute respiratory syndrome Coronavirus 2 . It's usually abbreviated SARS-CoV-2. It's a brand new kind of Coronavirus, so for a while, before it had this awkward name, people were calling it "novel coronavirus". (For the non-English speakers and D students, "novel" is another word for "new".) The disease that the virus causes is called Coronavirus Disease 2019 , and it's usually abbreviated COVID-19. It's called that because it was discovered in 2019. This came out of nowhere in China in late
Post a Comment
Read more

The Chromecast conceptual model

Google makes a device called Chromecast . It's a relatively inexpensive way to turn any TV into a "Smart" TV capable of playing movies or music. It's a clever bit of engineering, but I've run into a few people who have trouble understanding how they work. The key thing to understand is that the Chromecast is the device that's actually receiving and playing the movie (or whatever), and your phone is just the remote. Here's how the process works at a high level: You start watching a video on Youtube 30 seconds in, you decide that you'd like to watch the rest on your TV, so you press the "Cast" button. Your phone stops playing and tells the Chromecast "Get this video directly from Youtube and start playing at the 0:30 mark"  When your phone initially asks the Chromecast to start playing, it also specifies a "default thing" to do when the Chromecast is finished. If the Chromecast is playing a Youtube video, it might
Post a Comment
Read more

Audio upgrade: Schiit Fulla 2

I recently purchased a Schiit Fulla 2 . I was on the fence about it for a long time, but it's held up well, and I'm pretty happy with it. So, here's a small product review. I should probably mention that I'm generally skeptical about "audiophile" anything. I've known too many people who spend way too much money on voodoo like "oxygen-free speaker cables". This makes me reluctant to trust reviews or spend money on anything that I can't test for myself.  I've heard good audio. I go to concerts. I know what music is  supposed to  sound like, and it wasn't what I was getting from any of my computers, even with decent headphones, lossless audio codecs, etc. On the other hand, we have some  Sonos speakers , and with those speakers and a good audio source, music can sound really good. Since I wasn't getting that level of quality at the computer, it meant that there was something between the computer and my ears that was part of
Post a Comment
Read more