Amazon Key System Leaves Homeowners Vulnerable!

Amazon has no doubt become consumers' leading go-to online source for everything. However, trusting Amazon enough to let them unlock your door and come into your home when you're not there is on a different scale from the average retailer-consumer relationship, wouldn't you think? Take a look at the Amazon pitch: "Not home? Not a problem." It invites delivery people into your home to set your packages inside under the watchful eye of the Amazon Cloud Cam. However, researchers such as Rhino Security Labs have shown it's possible for a courier to knock your camera offline and sneak back into your home unseen.

The Amazon Key system consists of an Amazon Cloud Cam with smart home add-on and one of several compatible smart locks. The idea is that when a delivery is made by one of Amazon’s in-house drivers, they can access the Key system to unlock your door. The package is placed inside, and the door re-locks. Throughout this process, the Key app lets you know what’s going on with a live video feed. Amazon really sells the camera as peace of mind, but that’s where the weak link is, according to Rhino Security Labs.

The Video Above Shows an Amazon Cloud Cam DoS Attack Walkthrough

In a proof-of-concept hack, researchers showed it's possible to disable the camera and gain entry to the home without generating any alerts or warnings. You can see the attack carried out in real time in the video. The courier first opens the door via the Key app and drops off the package. He closes the door, and everything appears to be going normally. Then, a computer is used to send Wi-Fi de-authorization commands to the camera, spoofed so that they appear to come from the router. This temporarily disconnects the camera, allowing the delivery driver to walk back inside without being on camera.

It's really not in the best interest of Amazon to lead customers to think such a system poses no threat. It's long been proven that almost all WiFi devices can be knocked offline temporarily in this way. The most important thing to note here is that the Key app doesn’t let the homeowner know something is amiss. The video feed simply shows the last live frame (a closed door). The driver can even re-lock the door after re-entering the home to ensure nothing looks suspicious in the app. 
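The gap described above is that door activity goes unflagged while the camera is silent. The following added example (not code from Amazon, Rhino Security Labs or the original article) shows how a home monitoring hub could correlate the two; the event format, the 10-second camera heartbeat and the 15-second tolerance are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real Amazon Key data: (timestamp, source, event).
# Assumption: the camera reports a heartbeat every 10 s; the lock logs state changes.
EVENTS = [
    ("2017-11-20T12:57:00", "camera", "heartbeat"),
    ("2017-11-20T12:57:05", "lock", "unlock"),     # delivery: door opened on camera
    ("2017-11-20T12:57:10", "camera", "heartbeat"),
    ("2017-11-20T12:57:20", "lock", "lock"),
    ("2017-11-20T12:57:20", "camera", "heartbeat"),
    # camera drops off Wi-Fi here; the app would keep showing the last frame
    ("2017-11-20T12:57:50", "lock", "unlock"),
    ("2017-11-20T12:58:30", "lock", "lock"),
    ("2017-11-20T12:58:40", "camera", "heartbeat"),
]

MAX_SILENCE = timedelta(seconds=15)  # assumed tolerance: 1.5x the heartbeat interval


def parse(events):
    """Return events sorted by time, with timestamps parsed to datetime."""
    return sorted((datetime.fromisoformat(ts), src, ev) for ts, src, ev in events)


def camera_gaps(events, max_silence=MAX_SILENCE):
    """Intervals where consecutive camera heartbeats are too far apart."""
    beats = [ts for ts, src, _ in parse(events) if src == "camera"]
    return [(a, b) for a, b in zip(beats, beats[1:]) if b - a > max_silence]


def unmonitored_lock_events(events, max_silence=MAX_SILENCE):
    """Lock or unlock events that happened while the camera had gone silent."""
    alerts, last_beat = [], None
    for ts, src, ev in parse(events):
        if src == "camera":
            last_beat = ts
        elif src == "lock" and (last_beat is None or ts - last_beat > max_silence):
            alerts.append((ts, ev))
    return alerts


if __name__ == "__main__":
    for start, end in camera_gaps(EVENTS):
        print(f"camera silent {start.time()} -> {end.time()}")
    for ts, ev in unmonitored_lock_events(EVENTS):
        print(f"ALERT: door {ev} at {ts.time()} with no live camera feed")
```
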

Alde Security Solutions believes there is a string of threats attached to this type of agreement between Amazon and customers just waiting to happen. The risk this type of system poses is just not worth receiving a package when an adult is not there to intercept it as usual. Regardless of trending new offers, consumers are urged to always think of security and safety first!

Sources: Extreme Tech, Rhino Security Labs, Ryan Whitwam 

Video: Benjamin Caudill

Written by: Allyson White, CEO Alde Security Solutions, LLC.