Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (wired.com) 20
Security researchers claim to have discovered a flaw in Amazon's Key Service, which if exploited, could let a driver re-enter your house after dropping off a delivery. From a report: When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery. Security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum. And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.
So what? (Score:1)
If you're dumb enough to let random delivery workers into your house without you being present, you're asking for trouble. Security flaws or not, you're an idiot if you allow this. You're asking for trouble.
Re: (Score:2)
Consider moving.
I'm shocked (Score:1)
Shocked to learn that such a "well thought out idea" like letting random strangers into your house to drop off a package via an automatic door unlocker and camera would have a security flaw.
I mean, damn. What are the odds of this happening? Surely, Amazon would have tested this out before rolling out the system, instead of rushing it out the door in a mad grab for even more cash.
Right?
Right?
Actually the flaw is pretty bad (Score:3)
The good: Amazon promises they'll be pushing out a patch this week.
The bad: It's about as bad a failure mode as is possible: "Most disturbingly, Amazon's camera doesn't respond to that attack by going dark, or alerting the user that the camera is offline. Instead, it continues to show any live viewer—or anyone watching back a recording—the last frame the camera saw when it was connected."
Okay, maybe there's a worse failure mode possible... if the camera, upon losing connectivity, also spontaneously caught fire and burned your house down.
Re: (Score:3)
Re: (Score:2)
I'd say 'the bad' is that you never really know if every flaw is patched
No, you know the answer. The answer is No, they're not patched.
Another problem with the Internet of Things (Score:2)
Hacking my door takes an axe.
Is the camera WiFi only? (Score:2)
How about providing a *wired* (capable) camera. Many people might not use that, but I would be willing to run some CAT5 for extra security or, rather, confidence.
Milk boxes, Ice boxes (Score:1)
Look, stop trying to invent new tech.
Most homes built until the 1980s had a box built into the porch next to the door, or a door built into the house next to the front door, that revealed a 2x2x2 area (sometimes larger) in which you could place things.
It was opened by a key the delivery people had. And inside by a key the owner had (different door).
It was used for ice deliveries, package deliveries, milk deliveries.
Do that. Add a camera or sensor to that.
Don't make the door to your house be open to delivery