• United States



Who are you really inviting in?

Dec 13, 20174 mins
Identity Management SolutionsInternet of ThingsPhysical Security

The hackable doorknob next door…

package delivery
Credit: Thinkstock

Back in the olden days, you might have hidden a key under the door mat, in a flower pot, or hanging on an inconspicuous nail somewhere on your property. It not only meant you would never be locked out of your own home, but it was also a move for safety or convenience. Paramedics could open your door with directions if you were hurt inside your home, and neighbors who called you at work about a large package on your doorstep could help you out by moving it inside.

Over the years, technology has caught up with our home security. For years now, retailers have sold front door deadbolt locks that allow outsiders access to your property by punching in the physical buttons on the lock, releasing the mechanism and letting them open the door. That meant changing out the code every single time you shared it with someone though, just to ensure that they didn’t come back at a later date.

Now, the new wave of high-tech access involves one-time-use entry thanks to your home WiFi and a smartphone. One example of this technology is Amazon’s newest connected product, Amazon Key, which lets you give someone a one-use password through their phone app that opens the front door to your house before locking it behind them.

Of course, Amazon has unveiled this product with retail reasons in mind: Amazon Key is being tested in certain markets to allow delivery drivers to enter your home and put your purchases securely inside the house. A cloud-connected camera monitors the whole thing. The driver cannot re-enter your home at a later date, but you can rest assured—especially if you live in a high-traffic or unsecured multi-user area—that your purchases are safe. This saves the retailer money, as it can cut down on the costs associated with replacing stolen items, and it can save consumers money in the long run as well.

As it stands, we’re walking a fine line between keeping our homes secure and allowing for this kind of convenient access.  Back in the “good old days,” we’d simply tell someone where to find that key we’d hidden under the mat or tucked down in the flowerpot. Now, we’re simply switching to technology to do this for us while adding another layer of protection that stops someone from finding or reusing our key.

The key of yesteryear is now an app that activates the sensor in the door lock itself, and that might seem more secure on the surface. But how is this key hidden from cybercriminals? Can our doorknobs be hacked, giving not just one-time access but repeat access to an unauthorized person?

In the face of new technology, there’s little point in fear mongering, but the reality of this new capability is that it isn’t the same as that old hidden key of yesteryear. In actuality, we’re constantly connecting more of our devices to the internet, such as our cars and homes, and that means nefarious actors will continue to figure out ways to exploit it. It’s not a matter of if a hacker can work their way into a remote lock on our doors but when, and what they will do with that access. What do criminals stand to gain from opening a front door through cybercrime when they could simply break out a window?

The answer is unclear so far, but that’s the kind of question that technology forces us to ask. As we saw with some of the smart car hacks, people with the right know-how can exploit vulnerabilities. It’s what they do with that ability. For example, to seize control of a vehicle on the road and use it for harm (which has yet to occur in a genuine real world way) determines the level of fear we need to acknowledge. In the case of connected devices and homes, we’ve already seen some examples for the motivation behind hacking, like using our Internet of Things devices to spread DDoS attacks, but we’re still a little unsure of how this will be monetized for someone’s gain.

We need to think about the repercussions of any new innovation before we decide whether this kind of technology is right for us, or if it’s in line with our comfort level. In the end, this kind of access comes down to a personal choice based on convenience or need, but it’s not one that should be made lightly or without much thought. Understanding all of the ramifications and potential pitfalls is important when adopting any “newfangled” tech, and this one should be treated with exactly the same level of discernment as any other.

Eva Velasquez is the President/CEO at the Identity Theft Resource Center. Eva previously served as the Vice President of Operations for the San Diego Better Business Bureau and spent 21 years at the San Diego District Attorney’s Office. She has a passion for consumer protection and educating the public about identity theft, privacy, scams and fraud, and other related issues and is recognized as a nationwide expert on these topics.

Eva has been featured on such outlets as the CNBC Nightly Business Report, Huffington Post Live, Forbes, Bloomberg, Kiplinger’s and numerous other outlets. She is the driving force behind the first free ID Theft Help App and the ITRC Hands-On Privacy Program which aims to empower our community to protect their mobile data. Eva is regularly invited to speak at events nationwide and has recently had the privilege to present at such forums as Twitter’s National Cybersecurity Awareness Month’s Event, the Victims Of Crime Act (VOCA) National Training Conference, the Privacy Xchange Forum, and the National Association of Area Agencies on Aging’s annual N4A conference with the Federal Trade Commission. As the head of The Identity Theft Resource Center, Eva has co-hosted events with Google and Lexis Nexis.

Eva is a recipient of awards such as The Stevie Award for Women in Business recognizing women internationally and the 2016 Women Who Mean Business Award for her contribution to San Diego’s business, civic and cultural landscape.

The opinions expressed in this blog are those of Eva Velasquez and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.