Third party people can disable your Amazon Key’s Camera allowing couriers to reenter into your home

Now security researchers have discovered that the camera can be silenced and frozen from a script run from any machine within Wi-Fi range, reports News. That means a consumer watching a delivery will only see a closed door, even if someone reopens the door and goes inside a vulnerability that may provide rogue dispatchers to rob customers’ homes.

“The camera is very extremely something Amazon is relying on upon raising the security of this as a safe solution,” Ben Caudill, the founder of Rhino Security Labs told News. Researchers from the security firm revealed the Amazon Key attack and replicated it. “Disabling that camera command is a much powerful capability when you’re talking about situations where you’re relying heavily on that being a critical safety mechanism.”

The video explanation of the attack shows a man dropping off a parcel inside a house. The Amazon Key app shows the distribution goes as normal and indicates the door is locked as the courier leaves. But once the disabling program is run, and the delivery guy reenters the apartment, the app just shows the door remains closed.

The explanation is a proof-of-concept and a deauthorization procedure. If the camera is turned off, even manually by the user, you do get a push information a few minutes later saying it’s offline. Someone needing to break into a home could follow an Amazon courier and wait for them to make a delivery. They could trigger a deauthorization command as the dispatcher is leaving and cause Amazon Key to go offline, which would prevent the door from locking.

But Amazon does have a method in place that’s meant to avoid these situations from happening; the courier has to unlock the door, leave, then manually relock, and the client will get a notification when they do so. If a dispatcher left and the door was not quickly locked again, the consumer would know something is off, although an attack like this would stop them from seeing exactly what happened. The dispatcher also can’t move on to their next delivery, according to Amazon’s procedures, till the door has been locked and that action has been confirmed the cloud.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients