Amazon Key for cars another potential breach
In-car parcel service open to exploitation
It’s probably a bellwether of exactly how much connectivity we consumers want from our cars. It might be a game-changer for automakers looking to maximize their cars’ connectedness. But perhaps most significantly — at least to we oldsters who grew up in a “car culture” — it is yet another indication that the once much-loved automobile is quickly becoming just another app to be connected to the internet of things in our quest for complete, 24-hour access.
I am talking, of course, about Amazon’s new Key InCar Delivery service, which is similar in process, if not in detail, to the retail giant’s Key In-Home Delivery system. It will allow the company to deposit packages inside your car without the need for you to be present. Essentially, Amazon’s cloud hooks up to your car’s cloud to temporarily allow access to your car — doors and trunk — so all your latest Prime purchases can be deposited therein. Since the service requires total access to your car, Key In-Car will only be available on select General Motors vehicles with OnStar and Volvo vehicles with Volvo On Call.
The initial rollout is limited to the same 37 American cities that are served by the in-home service. That limitation is unlikely to last very long, however. Similar programs have been tested with Audi in Germany, and other automakers, eager not to be left unconnected, are in talks with Amazon to roll out similar service across their vehicles.
The process is simple both to initiate and use. You download the Amazon app, load in your car’s information and then, when a package is to be delivered, the car’s GPS location device is sent to the courier, they verify your car’s licence plate number — which you input when you signed up — and you are notified of the impending delivery. Then, and only then, says Amazon, does GM or Volvo open your car door — and it is the automaker that unlocks your car, not Amazon — and the package is inserted. Amazon then guarantees the security of both your car and package by having the courier wait until the cloud once again locks your car before continuing on to the next delivery.
As far as limitations go, the restrictions on what might be delivered and where seem to amount to nothing valued at more than US$1,300, the package, of course, has to fit in your vehicle and, most importantly, you car has to be “easily accessible,” ie., no parking garages.
As secure as that process might seem to be, there has been more than a little online backlash, commenting on both the social ills and the security concerns that Key In-Car might engender. Hacking of cloud-based services, of course, is always an issue. Wired, for instance, has already noted that Amazon’s similar home delivery system’s security camera — no such camera is provided for the car delivery service — has proven fallible. With nothing more than a laptop within range of your WiFi system, potential home invaders can convince the security camera to send a false signal that your house is empty even as they are, for example, ransacking your living room.
More important is that the Amazon connection gives all those big, bad blackhat hackers we fear yet another portal — what Craig Smith, the author of the Car Hacker’s Handbook, calls “vulnerabilities” — to infiltrate you car’s computers for nefarious purposes. Nor is Amazon’s access to your car likely to remain solely for package delivery. If the Key In-Home system is to be eventually opened up to dog walkers and cleaning services as projected, there’s no reason to believe that access to your car won’t eventually include mechanics and detailing services. And again, as Smith notes, the more people who have access to your security system, the more it is open to being “exploited.”
Indeed, according to a CNBC op-ed, the popularity of this service depends as much on the trust consumers have in Amazon as our belief in security systems.
Imagine, says author Timothy Carone, if Facebook offered a similar service. Would we trust them? Would we be willing to hand over the “keys” to the two most valuable items we own — home and car — to companies that would share our data with Cambridge Analytica?
“Ludicrous,” says the professor of IT, Analytics, and Operations at Notre Dame’s Mendoza College of Business, noting that, on the other hand, we seem to trust Amazon to “solve problems for us that we need solved.”
As for social comment, Key In-Car would seem yet another dagger into the mythical place automobiles once held in our hearts. Where previous generations guarded their pride and joy with a vehemence bordering on the parental — as a teenager, for instance, I was not allowed to drive my dad’s Chevrolet Biscayne, so possessive was he of what was already an eight-year-old rust bucket — and now we let virtually anyone with a Turo membership behind the wheel of our Porsches. Letting the delivery boy have access to the trunk seems minor in comparison.
The automotive industry has long fretted that interest in cars is waning. Like most privacies lost, it seems we’ll sacrifice our right to car ownership one little bit at a time.
As for your somewhat security-conscious scribe, I’ll just say that as someone who travels a lot — and who is constantly riven with paranoia that I have forgotten to lock my door — I have long contemplated installing an Amazon-like internetbased locking mechanism in my house. If — or probably when — I do take the plunge, however, I will do so only if I can back it up with a good old-fashioned manual deadbolt.
Maybe that’s not realistic. Maybe it’s not even effective. But it is how much I trust the internet.