Amazon launched a new service last month, Amazon Key, which makes it possible for couriers to unlock a customer's door and leave the package inside. The delivery is monitored through a camera, Cloud Cam, so that customers can see who left the package and whether everything is safe.
Now security researchers have found a flaw that lets someone disable the camera for some time and still get into the home, bypassing the smart lock. This leaves the customer with no video proof. The hack is possible within Wi-Fi range, as reported by Wired. After the hack, the app shows the door as closed.
“The camera is very much something Amazon is relying on in pitching the security of this as a safe solution,” Ben Caudill, the founder of Rhino Security Labs, told Wired. Researchers from the security firm uncovered the Amazon Key attack and replicated it. “Disabling that camera command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.”
A spokesperson from Amazon said to The Verge:
“Safety and security are built into every aspect of the service. Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time. We currently notify customers if the camera is offline for an extended period. Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery. The service will not unlock the door if the Wi-Fi is disabled and the camera is not online.”
That said, all Internet-enabled and IoT devices are bound to face this kind of problem, and companies need to be ready for it. The same happened with Amazon Echo devices, which had the Bluetooth flaw, and now this. I am sure Amazon is pretty serious about its services and will patch them up.