Amazon Key exploit allows couriers to re-enter your home

Last month, Amazon announced its unusual new scheme that allows couriers to enter its customers’ homes in order to deliver parcels. While the company managed to quell many security concerns with Amazon Key, it turns out there’s one fatal flaw that could allow the same courier to re-enter your home unbeknown to you.

The system itself relies on communication between apps and Amazon’s Cloud Cam to ensure enough precautions are taken that customers feel safe enough to use the service. Specifically, the user will get email notifications when the parcel is on the way, when the driver has arrived and as the driver enters the code to unlock the door. The cam will be prompted on that second step, making sure to record the driver as they unload the delivery until they leave the premises entirely.

It all sounds safe and secure, but security researchers have come across an exploit that allows the camera to be disabled and frozen by a third party application. Wired reports that this program can be run from a device within WiFi range, leaving the video feed showing a closed door even when that is not the case.

“The camera is very much something Amazon is relying on in pitching the security of this as a safe solution,” Rhino Labs founder Benjamin Caudill told Wired. “Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.”

Caudill replicated the DoS attack to showcase exactly what could happen with such a flaw. The parcel is delivered as expected, so as not to raise any suspicion; however, once the program is run, the courier can re-enter the home without the Cloud Cam recording it and without the entry appearing in the history of authorised unlocks.

This exploit isn’t just in the hands of Amazon couriers, mind you, as anyone who knows about the exploit could spot or wait for a delivery and then execute the deauthorisation command.

Amazon has directly responded to this vulnerability, stating that Amazon Key users will be notified if the Cloud Cam goes offline for a prolonged period of time. “Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery,” read a statement made to Wired. “Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time.”

KitGuru Says: It will be hard to quell security concerns when this system relies so heavily on trusting strangers and digital systems. Still, Amazon is thinking outside the box (pun intended) and this is early days for such an experiment. Would you employ a system like Amazon Key?


One comment

  1. The most surprising part of the video is how noisy the lock is….
