Amazon delivery staff could secretly unlock your door and enter your home using company’s new product, security researchers say

Experts say they could freeze your security camera so you wouldn't notice a thing

Aatif Sulleyman
Friday 17 November 2017 18:14
Comments

Amazon’s new delivery service can allow people to enter your home without you knowing, security researchers have found.

Amazon Key lets delivery staff from the company unlock your front door and enter your home to drop off packages when you’re not around.

It relies on an indoor security camera and a smart lock. Unfortunately, these can be disabled, which means people can enter your home – and stick around – undetected.

Researchers at Rhino Security Labs have found a way to freeze the camera feed, so it shows footage of your closed front door even if someone has opened it to come inside.

“The camera is very much something Amazon is relying on in pitching the security of this as a safe solution,” Ben Caudill, the founder of Rhino Security Labs, told Wired.

“Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.”

When an Amazon delivery person has been matched with the right package and the right address, the lock will let them in and the camera will record footage of the delivery.

As a safety precaution, the delivery person will not be able to make another trip until they’ve left the house and the door locks again.

However, the Rhino Security Labs researchers discovered that a delivery person who had gained access to an Amazon Key-protected house could prevent the door from locking them out by running a program on a nearby computer designed to knock the camera offline by flooding it with “deauthorization” commands.

They can then re-enter the house undetected. Once they’re inside and have closed the door behind them, they can move out of sight of the camera and unfreeze it.

The door will then lock properly and the feed will update to show real-time footage of your closed front door, as if nothing had happened.

Though Amazon says it will notify you if your camera goes offline "for an extended period" of time, it wouldn't take very long at all for a criminal to successfully execute the manoeuvre.

“Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time,” Amazon told Wired.

“We currently notify customers if the camera is offline for an extended period. Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in