June 28, 2016 – Seattle: Amazon reports four times better growth rates of their Dash Buttons this year in comparison to 2015. The little Internet of Things (IoT) button you install in your homes allows for almost instant orders so you can easily resupply on items you frequently use.
The Amazon Dash Button is linked to your smartphone and wifi as well as with your Amazon user account. The button is programmed to order a particular item to be delivered to your place as soon as it’s hit. A verification message is then sent to your smartphone in order to prevent orders sent out by mistake.
In theory this sounds all great and is improving the life of the users, by giving them back a little bit of time and avoiding effort, but is this really going to work out as planned? Is the device safe to use and to hook up with your local network or are you opening a box of worms by installing this in your home?
Unfortunately the Amazon PR team declined to answer our questions even though it previously seemed like they were going to work with us on this report. However we got great insight from industry and adoption experts, which we want to share with you.
Fake devices could introduce risk
We also made sure to check the product with experts of information security and cyber awareness. Stephen Wright, General Manager at the National Cyber Skills Centre of the United Kingdom was so kind to provide his insight on the Dash Button. He says, “With no insight into the security protocols being adopted it is hard to comment on the security risks but is worth noting that those wanting to gain access are very creative and can piggyback on all kinds of devices and data streams. If they do become widespread one way to compromise might be to develop clones sold cheaply through other channels, they could carry malicious code, or even cameras and microphones.
It should be remembered that items such as phones and printers have been used to access networks, I have also seen smart toasters and kettles hacked. The IoT is an area of concern within the security industry, if high value devices with huge development budgets can be compromised despite care and attention to security then it is likely little to no care will be taken with the unsophisticated almost throw away devices. In themselves there is little risk despite ordering an overabundance of detergent, but once these integrate more tightly with other devices the risks rise, and of course they would potentially provide access to the communication networks they utilize. But note that this is all speculation, there is zero evidence that I am aware of that suggest the Dash Button might introduce risk.”
Never underestimate the ingenuity of hackers
There is indeed no evidence on the device bringing harm. But is there perhaps a way of mitigating risk even further? We talked with Sr. Security Researcher Stephen Cobb from ESET and he says, “I don’t have data on reliability, but given the need to make these as minimal as possible I have to wonder how they will perform in damp locations and remote parts of the house. Battery life and corrosion could be an issue too, although I have no data on these aspects. Data leakage during transmission is a possibility but that data has limited potential for abuse. The devices themselves can be hacked for a variety of uses including triggering events on a network.
Could we see a screenplay in which push button ordering of cat litter detonates a bomb? Yes, but there are many other cheap technologies that could do the same thing. As with any digital technology, the longer it is in market, the more likely it is that someone will put it to nefarious uses. One should never underestimate the ingenuity of hackers, black hat, white hat, or gray. However, I rank these devices as relatively low on the IoT risk scale, below Internet-enabled thermostats, door locks, and fridges.”
Summary
What can we learn from this? The Amazon Dash Button has an interesting potential and knowing the track record of Amazon to change our behaviour. Regardless of all potential in positive and negative aspects, at this moment the experts do not consider the device a risk but keep their eyes on them and all future developments.
About Amazon
Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Fire tablets, Fire TV, Amazon Echo, and Alexa are some of the products and services pioneered by Amazon.
YouTube: Amazon Dash Button
https://www.youtube.com/watch?v=EHMXXOB6qPA
Photo credit: Amazon / Silvia Spiva
Source: Amazon / Business Wire / Silvia Spiva / Stephen Cobb / Stephen Wright
Editorial notice: The “about text” has been prepared by Amazon for generic PR purposes.
