Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Protect your systems with Thirtyseven4 Endpoint Security

December 5, 2017

Santa Claus for me (as a small kiddo) was always more mysterious than magical.  There always seemed more questions surrounding this white bearded man than logical answers my parents could convincingly provide.  For example: Of all places for someone as famous as Santa Claus to call home and setup a toy making shop (i.e. Hawaii, etc.), why did he choose the North Pole?  Also, how could one man utilizing a bunch of flying reindeers (flying reindeers! And one with a glowing red nose, to boot!), ever be able to deliver millions of presents to all the children of the world in a single night?  However, the most perplexing questions of all (for me) centered on his home delivery service.  My house had a wood burning stove and chimney, and since I grew up in Ohio, both were always in use.  With all the chimneyed-homes (like mine) across the world, wasn’t the scorching of clothing and skin an occupational hazard for Old Kris Kringle?  And as would be particularly true with our wood-burning chimney—Santa would have been absolutely filthy from all the chimney soot.  And how was he able to fit down every chimney in the first place?  And even more confusing yet, what happens if a house (apartment, townhouse, condo, orphanage, etc.) didn’t have a fireplace, as is the case with many newer homes that often will vent without a chimney?  And the facts it seem, are not in jolly old St. Nick’s favor.
Finally some good news: While for decades parents have struggled with similar Santa questions, future parents and parents of Santa-believing little ones need not struggle anymore!  We no longer have to convince our precious children of Santa’s “magic key” into our house, as we can now have a perfectly acceptable and logical answer: Our 21st century high-tech Santa can use the “Amazon Key”.  Problem solved.  Well, not exactly.

If you haven’t already heard, back on October 25th Amazon announced its release for the Amazon Key.  The Amazon Key is a new service offering in-Home delivery service for its Amazon Prime Members.  According to Amazon, the Amazon Key provides you the opportunity to receive packages just inside your front door and lets you grant permanent or temporary access to family, friends, neighbors and other folks you trust (i.e. Santa Claus?).  Amazon Key would also allow you to give temporary access to recurring visitors like “dog walkers, house cleaners, or out-of-town guests”.

In order for Amazon shoppers to take advantage of the Amazon Key service, those interested must first purchase the Amazon Key In-Home Kit.  The In-Home Key consists of the Amazon Cloud Cam and an Amazon compatible Smart Lock.  The Amazon Cloud Cam, carrying a price tag of $139.99, is an indoor security camera where users can monitor their home 24/7 in 1080 Full HD, and for those wondering, it also sports night vision capabilities (didn’t I see a movie about this once?).   For the Smart Lock option, users are given a couple options each offering similar functionality (i.e. Yale Assure Smart Lock Touchscreen or Kwikset SmartCode Keypad Smart Lock, etc.).  Users will also be given the option to select ‘Free “Professional” In-Home Installation’. Once the In-Home Kit has been purchased and installed, shoppers then move forward in shopping on Amazon as they always have, and when completing the purchase process, they will select “FREE in-home delivery” at checkout.
At the time of this writing, the In-Home delivery wasn’t yet available for all zip codes.  After checkout and on delivery day, you’ll receive a notification in the morning and another just before the delivery arrives at your address.  Amazon goes on to state that the driver will always knock first before requesting access (is one knock enough to rouse me from a nap?) and that the scheduled delivery driver is verified through an authentication process. Amazon will then turn on your Cloud Cam to record the delivery, and then grant access for the driver to deliver your package just inside the front door.

Does this sound complicated, detailed, and even a little fishy to anyone else?  There are too many steps!  And no matter how it is packaged or presented…our privacy is being sold under the title of “Amazon Key”.

Are you willing to give Amazon a key to your house?  Are any red flags going off in your head?  Are we jumping the shark in trusting technology?  Before you answer, let me detail a couple of additional facts about the Amazon In-Home delivery.  First, in order for the In-Home delivery to be completed successfully, all home owners with a home security system must first disable it the scheduled day of delivery.  (Red flag.) Second, all pets (guard dogs, etc.) must be properly caged (they can’t be responsible for pets that go missing), and lastly, you are also granting Amazon the right to open your door willingly. I live and breathe technology, and am someone who greatly enjoys new technology.  However, as a security professional, I am also realistic in the understanding that technology isn’t always reliable.  Amazon, on the other hand, has been very bold in its initial statements boldly attempting to convince that all will be okay, and that they have solved the delivery theft problem.  The problem is people know this isn’t just about solving the delivery theft problem…it is about getting eyes into our homes.  It’s about beginning a deep sales-process and progression for Amazon In-Home services more marketable/profitable.  Amazon is set to launch and roll out 1,200 home services from pet-sitting, cleaning services, etc. in the near future.  But are we ready for it?  Per social media chatter and pop-up polls, it appears most people (over 47%) feel the new service is a “disaster waiting to happen”.
Other than the obvious risks (burglary, shady delivery drivers, pets/toddlers gone missing, etc.), let’s quickly explore some cyber risks.  

Let’s remember the Mirai malware that penetrated and exploited networked devices and turned such devices as security cameras into a massive botnet to launch large-scale network attacks to take down major websites. I believe it would be safe to assume that if vulnerabilities were ever found in the Amazon Key's software those cameras could also be turned into a botnet, too.  At the moment, there is less transparency surrounding the underlined technology used in Amazon associated products since neither Amazon nor the manufacturer's technical specifications pages list the security protocols used within the locks.

Other questions could be raised about the lock's software- will this software be frequently updated and if so, how frequently?  Will the updates be automated?  As we learned with the WannaCry scare over the summer, users simply don’t bother updating their software even for the most critical updates.  Lastly, what would happen in the event the company ceased to offer support for the locks?  Or the software needed upgrading?
Looking through the SmartLock products on the Amazon website, at least one of the locks uses Wi-Fi, which could lead to an insecure potential dangerous situation.  Some of the others utilize the Bluetooth low energy technology, which offers additional security but still leave users vulnerable.   With the In-Home delivery being done in the Cloud, there are legitimate concerns about Man-in-the-Middle style attacks if the Cloud servers should be breached.   Bottom line is that there is a lot to consider, as one major security breach could give virtually any hacker access to your home, your children and your privacy.

For perhaps millions, we have already allowed Amazon ears in our homes (i.e. Amazon Echo, Echo Dot, Echo Spot). I ask again, are you now willing to give Amazon eyes in your home?  Like everything, the decision is yours.  For me, the answer is no.  I’ll take my chances hiding the keys under the mat

When my kids really want to know the truth about how Santa gets into chimney-less homes, it will be an ideal time to reiterate the true Reason for the Season--the miracle of Jesus’ birth.  It’s fun folklore and a treasured bedtime story to hear about Santa’s Christmas Eve escapades, but proving it would be tricky, and might have some hidden angles.  I feel the same about some of today’s advancements in technology.  We still have to keep our wits about us.  Every new toy out at Christmas doesn’t have to be under the tree.  Especially a “security system” toy that might have the capability of keeping tabs on us inside our homes.  Technology should not make us vulnerable.  And just because I am a techy doesn’t mean that I have no street smarts.
I know how “Santa” really gets presents under our tree, and I also know when marketers are inviting themselves into our home.  I think it will be simpler and safer for me to pick up any delivered boxes outside my door when I get home.  Just like I do every year. 

Blessings to you and yours this holiday season and thanks for making 2017 such a positive Year!


Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4