Last month Amazon announced a new service called “Amazon Key” which allowed delivery men to unlock your front door to deliver your package inside the house. While the company promised complete security and took measures to prevent a breach, it looks like they were wrong. Security researchers have now demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen. This will allow anyone to slip into the house and steal without even getting noticed or recorded on camera.
Amazon responded that the company plans to send out software update later this week to plug this loophole. Researchers at the Seattle based research lab, Rhino Security Labs demonstrated how this hack can be performed and valuables can be stolen. You can check out the video released by the firm below.
The camera is very much something Amazon is relying on in pitching the security of this as a safe solution. Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.
– Ben Caudill, Founder Rhino Security Labs
If this wasn’t enough, the company also pointed out a separate scenario where the hacker runs the program to freeze the camera just as the delivery person is about to leave. Since Amazon Key doesn’t have a separate WiFi protocol in place, it gets frozen with the camera leaving the door unlocked and the hacker can easily enter once the delivery person has left the premises. The company although notes that this might be a rare scenario and rogue delivery man hacking the camera is far more practical.
Amazon, on the other hand, said that they train the delivery men to make sure they don’t leave until the door is locked and it shows the same on the app. Also, the company said, they would call customers if they see the door left unlocked for longer duration.
Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time. We currently notify customers if the camera is offline for an extended period. Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery. The service will not unlock the door if the Wi-Fi is disabled and the camera is not online.
The company suggests Amazon to release a complete fix as soon as possible and also suggests ways to record and store videos offline so even if the internet isn’t working, the camera can record the delivery.
In the meantime, it’s recommended to install a backup camera or a CCTV just in case someone tries to hack the camera. Also, you can install some moving object in front of the camera like a clock which can help the user to detect if the image is frozen, or you could take the longer route and not use Amazon Key.