Amazon Key exploit allows couriers to re-enter your home

Amazon Key exploit allows couriers to re-enter your home

Researchers from Rhino Security Labs recently told Wired that it's relatively easy for unscrupulous couriers or random people from the street to use a simple denial-of-service attack program to freeze the Cloud Cam's feed from any computer within Wi-Fi range.

The technique, known as deauth (because it sends a series of deauthorisation commands to the Cloud Cam), is an issue for most WiFi devices.

The service model offered by Amazon Key, which gives the company's delivery corps access to customers' homes via smart lock, sounds kind of sketchy under the best circumstances. But a new story from WIRED about a successful hack of Amazon Key may keep nervous nellies away.

Last month Amazon unveiled its "Amazon Key" service, a smartlock-and-security-camera pairing created to let delivery people into your house to drop off packages, but only delivery people, and with full video footage for accountability.

"The camera is very much something Amazon is relying on in pitching the security of this as a safe solution", Rhino Labs founder Ben Caudill told Wired.

Gillibrand Says Bill Clinton Should Have Resigned Over Lewinsky Affair
She also introduced the " Me Too Congress Act " on Thursday to address yearslong and rampant sexual misconduct on Capitol Hill. Senate seat that Hillary Clinton once occupied and is very close to the Clintons-Bill Clinton even has campaigned with her .

After a deliveryman closes a door to leave a home, there's a brief window of time in which an attacker, perhaps someone lurking in the bushes or in a nearby auto, can send out his own deauthorization script, similar to the first attack.

It's not just cameras, either-such attacks can boot any Wi-Fi device off the network, including motion detectors, sensors that report when a door is opened, and other security devices. "We now notify customers if the camera is offline for an extended period", said Amazon. In their view it is not a security issue and they say they thoroughly background-check their delivery drivers. We now notify customers if the camera is offline for an extended period.

Amazon's new service that enables couriers to unlock a customer's front door and drop off a package inside has serious security flaws. And if something does go wrong, Amazon said, it works with the customer to fulfill Amazon's Happiness Guarantee if any products or property are damaged. Researchers at the Seattle based research lab, Rhino Security Labs demonstrated how this hack can be performed and valuables can be stolen.

An update coming later this week will provide users notifications if the camera goes offline during a delivery.

Unveiled in October, the Amazon Key application and service are technically free to use, but, in addition to subscription fees for Amazon Prime, an Amazon Key In-Home Kit containing the smart lock and Cloud Cam costs $250. An attacker would have to be authorized to deliver a package at a certain address and time, regardless of whether or not the Cloud Cam were switched on or off. The driver will knock first, then request to unlock customer's door via their Amazon handheld scanner. The Cloud Cam doesn't now cache video locally.

Related Articles