
© Becca Farsace / The Verge
AnalysisAmazon has pushed out an emergency security update to its door-unlocking system called Key - which is used by couriers to
let themselves into people's homes to drop off packages inside when folks are out.
Delivery workers show up at a home, and use a smartphone to temporarily disable the lock on the front door so they can pop in. As part of the system, a Wi-Fi-connected webcam watches the door from the inside to record any theft or other mischief.
One little flaw:
if you flood the camera off the wireless network with deauthorization packets - and an attacker doesn't need to know your Wi-Fi password to do this - it effectively freezes the equipment and prevents the door from being locked. The camera stops streaming its video feed across the internet to Amazon's cloud, so anyone monitoring the scene from Amazon's app will just see a still image: the last shot received. That means they won't see a rogue courier jamming the Wi-Fi and slipping back in to get up to no good.
Amazon's patch, being pushed automatically to devices, will allow the system to instantly alert customers of what could be suspicious activity if the camera is knocked offline, but a bigger question over the technology's security remains unresolved - and may require a hardware fix.
How's that for some disruption?
Bods at Rhino Security Labs revealed this week that they were able to disrupt Amazon's CloudCam, the camera component of the Key system,
causing it to show only the last image captured, and block the lock signal to the smart door lock, and so potentially allow a delivery driver to sneak back into someone's house undetected.The actual method of disruption, flooding the network with deauthorization packets, is not exclusive to Amazon's hardware. It affects pretty much every webcam, device or computer using Wi-Fi to communicate.
It's the same method used by hotels to jam guests' personal hotspots, forcing them to use the location's expensive Wi-Fi.However, because Amazon has linked the camera to its smart door lock as part of an overall package to give customers peace of mind about a stranger entering their home, the Wi-Fi vulnerability is a black mark against the technology.
Comment: Imagine that! People would not only be okay with essentially being wiretapped, but they pay for it! With the growth in
popularity of Echo, it probably won't be long before they accept giving up front door access to a corporation that can remotely unlock your door. So much for privacy.
What's more concerning is that these corporations are often in bed with state agencies. So when they need access or information, they're gonna get it. No more red tape. If we consider the fact that the state and corporation are essentially one and the same, then what you have here is the makings of a truly Orwellian society. So having an entity like Amazon being able to listen in to whatever you say and/or allow access to whoever they want really doesn't bode well. Does anybody really trust any one company that much to allow them into the privacy of their own home? Apparently, they do.
See also:
Knock, knock: Amazon Key will give couriers & hackers access to your home
Comment: Odd how the current discussion parallels the "Jewish problem" of the early 1900s. Back then it led to 2 main solutions: zionism and the creation of Israel, and Hitler's "final solution". The first was a disaster for Palestinians. The second was a disaster for Jews. What disaster awaits Muslim and non-Muslim Europeans today?