STE WILLIAMS

Video The security of Amazon.com’s “Key” door lock has again been called into question.

The Key is an electrified lock designed to be disabled using a one-time code, a facility that makes it possible for delivery workers to drop stuff off at Amazon Prime members’ homes or businesses. Prime members receive the gear they ordered from Amazon without having to hang around all day, Amazon gets sales it might not otherwise have made and delivery staff get recorded by a WiFi-connected video camera to make sure they don’t steal the family silver.

The devices have already been shown to have one nasty flaw when Rhino Security Labs found a way to flood the camera with junk packets to stop it recording.

Now a hacker has demonstrated another attack on the Key. As shown in the Twitter video below, the attack allows access to doors “locked” by the key even after a delivery worker’s one-time code has been burned.

I call this the “Break Enter dropbox” and it pairs well with my Amazon Key (smartlock smartcam combo).

It’s all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn’t. pic.twitter.com/35krz46Kab

— MG (@_MG_) February 4, 2018

It’s unclear exactly how the exploit worked, but we can see it relied upon a “dropbox” – a computer of some sort with Wi-Fi connectivity that is able to control the Key. The dropbox can both unlock the Key or somehow leave Amazon’s device incapable of recognising it’s time to lock itself again.

The Register has contacted Amazon and “MG”, the source of the demo, for more information and will update this story if any comes to hand. ®

Sponsored:
Minds Mastering Machines – Call for papers now open

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/02/05/amazon_key_hack/