Amazon wants to unlock your door for in-home deliveries; security expert worries about 'a latent …

Thieves love the holiday season. Porches across the land sport packages, left there in plain sight while the homeowners are away. Easy pickings.

Amazon, you won’t be surprised to learn, believes it has come up with a solution to this problem. Prime members in certain cities now have the ability to allow access to their homes via Amazon’s digital data centers. A special front-door lock “with encrypted safeguards” allows remote servers to unlock the door. Through a security camera, the homeowner can then watch the delivery person put the package inside the home and depart.

“Not at home? Not a problem,” Amazon states in its sales pitch for what it’s calling Amazon Key. The smart lock and security camera go for about $250. The service is available in the Portland area.

Convenience is nice, but if the idea of remote, cloud-based access to your home makes you queasy, you’re far from alone.

“There is always the possibility that a latent vulnerability in the lock could be exploited either directly through the internet or through another device on the home network,” Sam Horowitz, chief information security officer for the University of California, Santa Barbara, said in a university release.

There’s no evidence to suggest Amazon Key remote access can be hacked, but that doesn’t mean there aren’t vulnerabilities that could be exploited. Comcast’s Xfinity home-security system, for example, has a flaw that could let criminals bypass an alarm by using basic radio-jamming equipment.

UC Santa Barbara experts say the possibility of a security flaw isn’t the only reason to be wary of using Amazon Key. It would be one more way you’re being tracked — your daily routine, your comings and goings — with the data stored in the cloud by a private company that has its own, and not necessarily your, best interests at heart.

Amazon heralds its cloud-centric security measures. The company says that when “a delivery driver requests access to a customer’s home, Amazon verifies that the correct driver is at the right address, at the intended time, through an encrypted authentication process” before remotely unlocking the door. It adds that “[n]o special codes or keys are ever provided to delivery drivers.”

— Douglas Perry