Knock, Knock. Who's There? Another Amazon Key Door-Lock Hack

This is no joke – chap seems to have cracked Amazon’s latest toy Video The security of’s “Key” d

Federal cybersecurity report says nearly 75% of agencies at risk
Facebook’s Zuckerberg To Testify Before US Committee
Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal

This is no joke – chap seems to have cracked Amazon’s latest toy

Video The security of’s “Key” door lock has again been called into question.

The Key is an electrified lock designed to be disabled using a one-time code, a facility that makes it possible for delivery workers to drop stuff off at Amazon Prime members’ homes or businesses. Prime members receive the gear they ordered from Amazon without having to hang around all day, Amazon gets sales it might not otherwise have made and delivery staff get recorded by a WiFi-connected video camera to make sure they don’t steal the family silver.

The devices have already been shown to have one nasty flaw when Rhino Security Labs found a way to flood the camera with junk packets to stop it recording.

Now a hacker has demonstrated another attack on the Key. As shown in the Twitter video below, the attack allows access to doors “locked” by the key even after a delivery worker’s one-time code has been burned.

It’s unclear exactly how the exploit worked, but we can see it relied upon a “dropbox” – a computer of some sort with Wi-Fi connectivity that is able to control the Key. The dropbox can both unlock the Key or somehow leave Amazon’s device incapable of recognising it’s time to lock itself again.

The Register has contacted Amazon and “MG”, the source of the demo, for more information and will update this story if any comes to hand. ®

Go to Source