Now Amazon wants the keys to your car

What could possibly go wrong?

Now Amazon wants the keys to your car

If you weren’t finding the prospect of Amazon delivering your Prime packages by drone, or Amazon delivery staff being given temporary access to your house to leave parcels in your hallway, evidence that the world is moving too fast for our puny human brains to comprehend, then here’s the online giant’s next plan.

Amazon is now offering to make deliveries direct to your car.

Amazon Prime members who live in select cities are now able to register their car model, and then request that a delivery be made to the car on the scheduled delivery date at a designated delivery address. Oh, and if I wasn’t clear, the delivery will be made to the

Here’s what the Amazon blurb says:

On delivery day, park your vehicle within two blocks of the delivery address in a publicly accessible area. You’ll receive a notification in the morning with a 4-hour delivery window, and an “Arriving Now” notification when the delivery driver is headed to your vehicle. When the delivery driver arrives - before your car is unlocked - Amazon verifies that an authorized driver is at the right location with the right package, through an encrypted authentication process. No special codes or keys are given to the driver. The driver will then place the package inside your vehicle and request to relock it. We will let you know when your vehicle is relocked, and you’ll get a final notification confirming the delivery is complete.

Of course, all of this depends on you having a “connected” car that can be remotely unlocked. From the sound of things Amazon has teamed up with connected car services run by the likes of OnStar (supporting Chevrolet, Buick, GMC, and Cadillacs) and Volvo.

Regular readers may recall that security researchers have found ways to exploit OnStar’s solution in the past, proving it would be possible for unauthorised users to locate, unlock and remote start vehicles.

Personally I’ve never had a desire to unlock my car when I’m not actually in the presence of my car. So I’ve never been keen to buy a car which includes such a potentially security-weakening feature.

But I would feel even less comfortable with the idea of sharing the ability to unlock my car with third-party organisations, and their army of underpaid delivery staff desperate for a toilet break.

Oh, and don’t make the mistake I initially made of thinking that Amazon will only deliver parcels to the boot (aka trunk) of your car. They can place items wherever they like in your vehicle if you sign up for the scheme:

The delivery driver will first attempt to place the package in your vehicle’s trunk. If the package cannot fit due to size, space availability or vehicle model, it will be placed in the vehicle’s cabin.

None of this means, of course, that the person with access to your car can actually drive off in it. But I still question whether the convenience of having parcels placed in your vehicle outweigh the risks of having a way of having it remotely unlocked.

Similar questions arise from Amazon’s in-home delivery service, where drivers can unlock your front door and place the packages just inside. Sure enough, ways have already been found to mess with the security of those systems.

You can hear what we thought of Amazon’s earlier “keys to your house” idea in a past episode of the “Smashing Security” podcast:

Smashing Security #57:

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

4 Responses

  1. Chris Pugson

    April 24, 2018 at 11:17 pm #

    Oh dear! My Wolseley 1500 is incompatible.

    • Mike O’R in reply to Chris Pugson.

      April 25, 2018 at 12:45 am #

      So is my Reliant Robin, Rodney

  2. Ted M

    April 25, 2018 at 4:44 pm #

    What impact might having a remotely unlockable car, and then using this service, have on car insurance premiums?

  3. Pete

    April 25, 2018 at 6:44 pm #

    Oh boy…even more IoT control over our lives and property. What could possibly go wrong?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.