Couriers could freeze the video feed without customers noticing.
Security experts and Amazon Prime members unsurprisingly expressed their concerns following the announcement of Amazon Key, a new service where couriers deliver items inside your home. Amazon reassured customers, explaining the service can only be used once customers point the internet-connected Cloud Cam camera at their door. With it, customers can ensure the stranger delivering their package doesn’t step out of line.
Problem solved, right? Well, it turns out the camera only makes matters worse.
Security researchers discovered a critical vulnerability in Cloud Cam that would allow a courier to disable or freeze the video feed using any computer in Wi-Fi range, reports Wired. The hack would open a window for a rogue courier to enter a home and steal from Amazon customers. All a customer would see as their home is being ransacked is the frozen image of their closed front door.
Ben Caudill, the founder of security firm Rhino Security Labs, which discovered the Amazon Key flaw, uploaded a video demonstrating how it works.
The clip first shows how the service should work, before demoing the attack. First, a courier opens the door, delivers a package inside the home, then closes and locks the door while the Cloud Cam tracks the entire process without any problems. The second part shows what happens when the denial-of-service software is applied. This time, the man opens the door but the video feed shows it’s still closed. Once inside, all he’d need to do is move out of the camera’s view, stop the malicious software so the camera reconnects, and lock the door via the app.
Hackers wouldn’t even need a computer to break in. Rhino Security Labs’ researchers say it can all be done on a handheld device made with a Raspberry Pi and antenna that sends “deauthorization” commands to the camera.
“The camera is very much something Amazon is relying on in pitching the security of this as a safe solution,” Caudill told Wired. “Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.”
That isn’t the only vulnerability plaguing Amazon’s new delivery service. Rhino researchers say a hacker could follow a courier and enable the Wi-Fi deauthorization software as they are leaving someone’s home. Because the camera connects to a smart lock on the front door via Zigbee, the hack would prevent the door from locking.
Amazon told Wired it would release an update later this week to partially fix these security flaws.
“We currently notify customers if the camera is offline for an extended period,” Amazon said in a statement. “Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery.”
Rhino explains a complete fix could potentially undermine the new Key service. Caudill’s suggestion for protecting yourself from Key? Don’t use it at all. If you want to give it a try anyway, do yourself a favor and install a separate camera.
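The faster "camera offline during delivery" notification Amazon describes, and the failed re-lock case Rhino raises, both come down to correlating lock events with camera check-ins on the server side. The Python sketch below is an added example, not Amazon's or Rhino Security Labs' code; the heartbeat model, thresholds, event names and sample logs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds for this sketch; not Amazon's actual values.
MAX_CAMERA_SILENCE = 5.0    # seconds without a camera heartbeat while unlocked
MAX_UNLOCKED_TIME = 120.0   # seconds a delivery may leave the door unlocked

@dataclass(frozen=True)
class Event:
    t: float    # seconds since the start of the log
    kind: str   # "heartbeat" (camera check-in), "unlock" or "lock"

def audit_door(events, log_end):
    """Return (alert_name, start, end) tuples for one door's event log."""
    alerts, unlocked_at, last_beat = [], None, None

    def check_silence(now):
        # Only silence that falls inside the unlocked window counts.
        start = unlocked_at if last_beat is None else max(last_beat, unlocked_at)
        if now - start > MAX_CAMERA_SILENCE:
            alerts.append(("camera_offline_during_delivery", start, now))

    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "unlock" and unlocked_at is None:
            unlocked_at = ev.t
        elif ev.kind == "heartbeat":
            if unlocked_at is not None:
                check_silence(ev.t)
            last_beat = ev.t
        elif ev.kind == "lock" and unlocked_at is not None:
            check_silence(ev.t)
            if ev.t - unlocked_at > MAX_UNLOCKED_TIME:
                alerts.append(("door_unlocked_too_long", unlocked_at, ev.t))
            unlocked_at = None
    if unlocked_at is not None:   # log ended with the door still unlocked
        check_silence(log_end)
        alerts.append(("door_never_relocked", unlocked_at, log_end))
    return alerts

# Constructed sample logs (heartbeat every 2 s), not captured from a real device.
NORMAL = [Event(t, "heartbeat") for t in range(0, 60, 2)] + [Event(11, "unlock"), Event(35, "lock")]
# Camera is off Wi-Fi from t=12 to t=50 while the door is open.
_beats = list(range(0, 13, 2)) + list(range(50, 60, 2))
FROZEN = [Event(t, "heartbeat") for t in _beats] + [Event(11, "unlock"), Event(53, "lock")]
# Camera drops at t=34 as the courier leaves, so no lock event is ever recorded.
NO_RELOCK = [Event(t, "heartbeat") for t in range(0, 35, 2)] + [Event(11, "unlock")]

if __name__ == "__main__":
    for name, log in [("normal", NORMAL), ("frozen", FROZEN), ("no_relock", NO_RELOCK)]:
        print(name, audit_door(log, log_end=60))
```

A live service would run the same silence check on a timer rather than waiting for the next event, so the alert fires while the door is still open.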
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.