Researchers claim to have found “simple” way to hack Amazon’s heavily advertised Key service.
Researchers at Rhino Security Labs have apparently identified a serious flaw in Amazon’s Key delivery service and the associated Cloud Cam security camera that comes with it. The problem could allow criminals posing as couriers to easily tamper with the web camera, knock it offline, and fool unsuspecting home owners into thinking that their home is empty, when the reality is far from the truth.
The researchers released their findings to the world earlier this week, showing that a relatively basic program can be run from any computer in Wi-Fi range, to not only disable the camera but freeze the image it is broadcasting. Any legitimate user watching their live or recorded stream therefore sees only their closed door meaning rogue delivery drivers could stealthily and easily steal from peoples homes, even if they are monitoring their door closely.
It’s a steal
Amazon offer the Key service for a mere $249. For that initial outlay, the company sells a special smart door lock and the special in-home wireless camera aimed at the door. Official delivery drivers then use an app to alert Amazon they have arrived, and the company then activate the camera and unlock the door remotely, and the driver then drops off the package, and then tells Amazon to lock the door.
However, Rhino Labs have successfully demonstrated a successful “de-authentication attack.” You can watch the video here. Rhino showed that by continuously blocking the wi-fi signal repeatedly, the image on the Amazon Key app can be frozen until the Wi-Fi jamming ends. The Rhino video then shows a “rogue” delivery person unlocking the door and then clandestinely entering the house while to all intents and purposes the door looks like it has never been opened, at least according to the Cloud Cam feed.
“By being able to disable the camera, we’re essentially reducing that security to essentially just providing a physical key to your home,” said Rhino’s CEO Ben Caudill.
Problem? What problem?
For its part, Amazon told CBS News they do not believe customers would or could be put at risk by the Key service vulnerability. Amazon have stated in their view that the apparent flaw is not a security issue and they say they thoroughly background-check their delivery drivers.
Researchers at Rhino said they were surprised that such a basic vulnerability has been fund in a system designed and sold by one of the world’s biggest Tech companies, that literally opens people’s doors…
Don’t leave your PC wide open to unwanted visitors – download the latest security and anti-malware software now – here on FileHippo.com.