Knock, Knock. Who's There? Another Amazon Key Door-Lock Hack

This is no joke – chap seems to have cracked Amazon’s latest toy Video The security of Amazon.com’s “Key” d

Cyberwar: A Guide To The Frightening Future Of Online Conflict
US Military Data Reportedly Left On Unsecured Amazon Server
IDG Contributor Network: Dealing with NIST's about-face on password complexity

This is no joke – chap seems to have cracked Amazon’s latest toy

Video The security of Amazon.com’s “Key” door lock has again been called into question.

The Key is an electrified lock designed to be disabled using a one-time code, a facility that makes it possible for delivery workers to drop stuff off at Amazon Prime members’ homes or businesses. Prime members receive the gear they ordered from Amazon without having to hang around all day, Amazon gets sales it might not otherwise have made and delivery staff get recorded by a WiFi-connected video camera to make sure they don’t steal the family silver.

The devices have already been shown to have one nasty flaw when Rhino Security Labs found a way to flood the camera with junk packets to stop it recording.

Now a hacker has demonstrated another attack on the Key. As shown in the Twitter video below, the attack allows access to doors “locked” by the key even after a delivery worker’s one-time code has been burned.

It’s unclear exactly how the exploit worked, but we can see it relied upon a “dropbox” – a computer of some sort with Wi-Fi connectivity that is able to control the Key. The dropbox can both unlock the Key or somehow leave Amazon’s device incapable of recognising it’s time to lock itself again.

The Register has contacted Amazon and “MG”, the source of the demo, for more information and will update this story if any comes to hand. ®

Go to Source

COMMENTS