Amazon recently introduced a new service in the US called Amazon Key. Essentially, the novelty allows a delivery person to win the customer’s house key to enter and leave their order if the recipient is not. Only researchers have discovered system failures.
Amazon Key is a service offered to customers of the company’s Prime account. These users can install an electronic lock and an Amazon monitoring camera that ensures the entrant’s entry upon presentation of an identification code.
The camera, in theory, should stay there to monitor the entrant’s input and output and record everything so that the customer can see if the process went well afterwards. It turns out that this camera can easily be manipulated remotely to freeze the image.
Researchers at security company Rhino Security Labs told Wired that all that an attacker needs is a simple computer program and a machine connected to the same Wi-Fi as the Amazon camera. The image can then be frozen so that the customer will then only see a door closed, when in fact a malicious deliveryman may well have gone back to the address and entered again if he did not lock the door the first time .
Amazon said it will issue a software update to address the flaw that allows remote access to the camera. Meanwhile, the company says it “checks the history” of deliverers and has a number of systems in place to ensure the employee enters, exit and lock the door again when leaving.
In addition, Amazon Key provides real-time connection to the user. If the camera is turned off (which is not the case with the hack shown, since the camera is still on but showing a frozen image), the client receives a notification on the cell phone. When the delivery person arrives at the residence, leaves the order and leaves, the user also receives alerts.