Cybersecurity researchers said that they have found a key vulnerability in one of Amazon’s most prominent new services. The company this fall rolled out Amazon Key, which lets couriers unlock your door and put packages inside your home.
The service works in tandem with a smart lock and Amazon’s new Cloud Camera, which records the delivery person’s movements once inside the home. What could go wrong…right?
Well, staffers at Rhino Security Labs in Seattle said that they have been able to disable the camera, raising the possibility that a courier could roam throughout a residence, according to Wired magazine, which first reported the flaw.
Amazon Key vulnerability could leave your home unprotected
“The camera is very much something Amazon is relying on in pitching the security of this as a safe solution,” Ben Caudill, the founder Rhino Security Labs, told Wired. “Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.”
The researchers said that the camera can be overwhelmed by initiating a distributed DOD (denial of service) attack, basically sending it a bunch of random information requests. This temporarily disables the device, which is one of the main components of Amazon Key, touted as a brilliant technical solution to package theft.
In a video demonstration posted on Wired, a person was able to open a door, drop off a package, leave the home then re-enter it without the camera detecting them.
The glitch is not technically a bug in Amazon Key, but rather a vulnerability in all Wi-Fi-enabled devices, which can be tampered with by sending a stream of commands to a router. In most cases when it is inundated with a script, a device will turn itself off, but researchers said that Amazon Key’s camera actually froze, showing the last frame (in this case, the homeowner’s closed door) before it was disabled. In reality, the door was opened and accessed a second time by the courier, according to the demonstration.
After becoming aware of the flaw, Amazon said that it will send a security patch to fix the issue, according to Wired.
The security flaw comes at a bad time for the Seattle-based online retailer, who is banking on Amazon Key this holiday season, when shoppers are most likely to opt for home deliveries.
Meanwhile, a writer for finance website CNBC found out that despite shelling out about $250 for Amazon Key, its couriers may still leave your package outside your home – if they hear a dog inside, no matter the size.
When he called Amazon about it, a spokesperson told him, “This is what a delivery driver is trained to do if he or she hears a barking dog or clawing at the door. It’s safer for the driver and prevents a dog from running around the neighborhood.”
Makes sense, but hard to believe the latest and most innovative technical invention to thwart package thieves could be undermined by a poodle.
If you’re a frequent Amazon shopper, ask yourself: Am I taking advantage of all the ways to save money using their services?
Money expert Clark Howard says that, “If you’re a frequent Amazon shopper, it makes good financial sense for you to maximize your savings when purchasing from the company. Here are five ways to can enjoy the convenience of shopping online with Amazon while saving even more money.”
Here are two ways that Clark says Amazon shoppers can save.
Share your Prime membership with others: Prime comes with a number of amenities that make it worthwhile, including free shipping on products and unlimited streaming of movies and more. Of course, whoever you share it with should split the annual $99 cost, saving you even more money.
Check out the Warehouse: Some people might not be aware but Amazon has a feature on its website called “Warehouse Deals,” where you can find some hefty discounts on everyday items.
Got any other awesome Amazon tips? Let us know in the comments.