Now Amazon wants the keys to your car

What could possibly go wrong?

Now Amazon wants the keys to your car

If you weren’t finding the prospect of Amazon delivering your Prime packages by drone, or Amazon delivery staff being given temporary access to your house to leave parcels in your hallway, evidence that the world is moving too fast for our puny human brains to comprehend, then here’s the online giant’s next plan.

Amazon is now offering to make deliveries direct to your car.

Amazon Prime members who live in select cities are now able to register their car model, and then request that a delivery be made to the car on the scheduled delivery date at a designated delivery address. Oh, and if I wasn’t clear, the delivery will be made to the car.

Here’s what the Amazon blurb says:

On delivery day, park your vehicle within two blocks of the delivery address in a publicly accessible area. You’ll receive a notification in the morning with a 4-hour delivery window, and an “Arriving Now” notification when the delivery driver is headed to your vehicle. When the delivery driver arrives – before your car is unlocked – Amazon verifies that an authorized driver is at the right location with the right package, through an encrypted authentication process. No special codes or keys are given to the driver. The driver will then place the package inside your vehicle and request to relock it. We will let you know when your vehicle is relocked, and you’ll get a final notification confirming the delivery is complete.

Of course, all of this depends on you having a “connected” car that can be remotely unlocked. From the sound of things Amazon has teamed up with connected car services run by the likes of OnStar (supporting Chevrolet, Buick, GMC, and Cadillacs) and Volvo.

Regular readers may recall that security researchers have found ways to exploit OnStar’s solution in the past, proving it would be possible for unauthorised users to locate, unlock and remote start vehicles.

Personally I’ve never had a desire to unlock my car when I’m not actually in the presence of my car. So I’ve never been keen to buy a car which includes such a potentially security-weakening feature.

But I would feel even less comfortable with the idea of sharing the ability to unlock my car with third-party organisations, and their army of underpaid delivery staff desperate for a toilet break.

Sign up to our free newsletter.
Security news, advice, and tips.

Oh, and don’t make the mistake I initially made of thinking that Amazon will only deliver parcels to the boot (aka trunk) of your car. They can place items wherever they like in your vehicle if you sign up for the scheme:

The delivery driver will first attempt to place the package in your vehicle’s trunk. If the package cannot fit due to size, space availability or vehicle model, it will be placed in the vehicle’s cabin.

None of this means, of course, that the person with access to your car can actually drive off in it. But I still question whether the convenience of having parcels placed in your vehicle outweigh the risks of having a way of having it remotely unlocked.

Similar questions arise from Amazon’s in-home delivery service, where drivers can unlock your front door and place the packages just inside. Sure enough, ways have already been found to mess with the security of those systems.

You can hear what we thought of Amazon’s earlier “keys to your house” idea in a past episode of the “Smashing Security” podcast:

Smashing Security #057: Mikko - live from the sauna - talks Bitcoin security

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “Now Amazon wants the keys to your car”

  1. Chris Pugson

    Oh dear! My Wolseley 1500 is incompatible.

    1. Mike O’R · in reply to Chris Pugson

      So is my Reliant Robin, Rodney

  2. Ted M

    What impact might having a remotely unlockable car, and then using this service, have on car insurance premiums?

  3. Pete

    Oh boy…even more IoT control over our lives and property. What could possibly go wrong?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.