This is no joke â chap seems to have cracked Amazonâs latest toy Video The security of Amazon.comâs âKeyâ d
This is no joke â chap seems to have cracked Amazonâs latest toy
Video The security of Amazon.comâs âKeyâ door lock has again been called into question.
The Key is an electrified lock designed to be disabled using a one-time code, a facility that makes it possible for delivery workers to drop stuff off at Amazon Prime membersâ homes or businesses. Prime members receive the gear they ordered from Amazon without having to hang around all day, Amazon gets sales it might not otherwise have made and delivery staff get recorded by a WiFi-connected video camera to make sure they donât steal the family silver.
The devices have already been shown to have one nasty flaw when Rhino Security Labs found a way to flood the camera with junk packets to stop it recording.
Now a hacker has demonstrated another attack on the Key. As shown in the Twitter video below, the attack allows access to doors âlockedâ by the key even after a delivery workerâs one-time code has been burned.
I call this the “Break & Enter dropbox” and it pairs well with my Amazon Key (smartlock & smartcam combo).
It’s all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn’t. pic.twitter.com/35krz46Kab
â MG (@_MG_) February 4, 2018
Itâs unclear exactly how the exploit worked, but we can see it relied upon a âdropboxâ â a computer of some sort with Wi-Fi connectivity that is able to control the Key. The dropbox can both unlock the Key or somehow leave Amazonâs device incapable of recognising itâs time to lock itself again.
The Register has contacted Amazon and âMGâ, the source of the demo, for more information and will update this story if any comes to hand. Â®