The My Sinful Valentine XXXservice model offered by Amazon Key, which gives the company's delivery corps access to customers' homes via smart lock, sounds kind of sketchy under the best circumstances. Amazon, however, assured potential customers there'd be nothing to worry about with Key — the system offers 24/7 monitoring via the Alexa-enabled Cloud Cam to monitor deliveries.
That security safeguard doesn't look quite so foolproof after a group of researchers from Rhino Security Labs discovered multiple techniques to knock out the Cloud Cam and enter a house equipped with a Key system undetected. The group shared its findings with Wiredand in two videos demonstrated the techniques behind the relatively simple hacks, which could allow unscrupulous delivery people to move around Key-enabled homes undetected.
SEE ALSO: Bluetooth exploit may have impacted 20 million Amazon Echo and Google Home devices, says security firmAll it takes to knock out the camera is a computer running the right software within range of the home's Wi-Fi network. The first demonstration shows the "delivery person" unlocking the door using the PIN code, entering the room to deliver a package, and closing the door behind them, just like they should.
Instead of locking the door, however, the thief runs a "deauth" program to temporarily kick the Cloud Cam off the Wi-Fi network. The denial of service (DoS) script keeps the camera from coming back online for as long as the intruder requires, as the program loops the last frame recorded before going offline. Any live viewers or homeowners reviewing the recording are none the wiser.
After moving out of the camera's range and locking the door to avoid suspicion, the thief could move around the home as they liked.
The second attack is less likely to be put into practice IRL, but it's still worth highlighting. The same style of DoS is used to knock out the Cloud Cam, but the delivery person isn't the thief.
Instead, an unassociated hacker waits for the courier to drop off a package, then triggers the attack before the door is re-locked. Unfortunately, the Key Lock's Wi-Fi connection is through the Cloud Cam — so when the Cam is knocked offline, the Lock goes with it. Once the delivery person is out of the picture, the thief could access the house unimpeded.
Both of these scenarios depend on other variables to actually work without tipping off the system — the delivery person has to exit through another door in the first, while the second hinges on perfect timing and sloppy delivery work — but the vulnerabilities are worth highlighting.
Amazon is aware of the Rhino researcher's findings, but downplayed the actual threat they might pose if put into practice. The company pointed out to us in an email that All Key deliveries have time-stamped reports detailing how long doors are opened and the company alerts customers if the camera goes offline for extended periods of time.
Amazon also trusts its delivery people. A company rep told us that Amazon verifies all of its drivers with a "comprehensive background check," and emphasized how each assignment is tied to an individual driver, so any funny business would be immediately detected.
Still, Amazon will issue an update to the Key software to notify users more quickly if the camera goes offline during delivery, and the service won't unlock the door if the Wi-Fi is disabled and the camera is not online.
Topics Amazon Cybersecurity
Amazon Big Spring Sale 2025: Best air purifier deals from Dyson, Shark, LG, and more
Apple's Sept. 12 event: What to expect from the 'iPhone XS'
Donald Trump unveils his new campaign logo and the internet can't stop making dick jokes
Watch NOAA hurricane hunters fly into the eye of Hurricane Florence
UGREEN Nexode 25000mAh 200W power bank drops to $79.99 at Amazon
The real Wild West actually had a lot in common with the tech industry
Popular Mac apps caught harvesting users' browsing data without consent
A baby Mandrake is the star of this magical 'Harry Potter' photo shoot
'Severance' puts a spin on the Orpheus and Eurydice myth in its Season 2 finale
Playboy model banned from gym for body shaming nude woman on Snapchat
Analyzing Graphics Card Pricing: May 2018
Impressive looking 'Seinfeld' video game is pure fantasy, for now
Trump's VP tweet makes history
Kit Harington wants better queer representation from Marvel, bless him
Weather app glitch makes it look like hell is basically freezing over
Coffee shop finds clever way to inspire good manners in customers
Hurricane Florence storm surges will be amplified by sea level rise
Periscope and Facebook Live help document attempted coup in Turkey
NYT Connections hints and answers for April 25: Tips to solve 'Connections' #684.
How shops and restaurants are creatively cashing in on 'Pokémon Go'
These are the TVs to buy to make the most of PS5 and Xbox Series XWhen will Apple launch the iPhone 12? Here's our best guess.Doctors use algorithms that aren't designed to treat all patients equallyAmazon’s new Echo speaker puts Alexa in an orbGuy scored his first Tinder date using a poem and we are as surprised as he isThe ACLU is way too busy for your hamburger debatesDoctors use algorithms that aren't designed to treat all patients equallyMobile World Congress postponed due to COVID'Console Wars' on CBS All Access review: Big style, short on substanceChrissy Teigen joins the ranks of those who have been blocked by Donald Trump on TwitterEverything coming to Netflix in October 2020Ridepanda is the online store for eSquirrel crashes a pro football game, regrets it immediatelyTwitter will ask everyone if they read an article before they retweet itWhen Microsoft Paint looked done for, the internet creatively weptTitanic 2 could be yours by winning this auction for a Leonardo DiCaprio and Kate Winslet dinnerTwitter will ask everyone if they read an article before they retweet itRadio Flyer is making tiny Teslas for kids nowUber passenger given a whopping $10 credit after his driver engaged in a sex actSperm counts are dropping in the West, but no one is quite sure why Subscribe to The Paris Review and LRB Announcing Our #ReadEverywhere Contest Taste It! by Dan Piepenbring The Morning News Roundup for August 5, 2014 Boule de Suif Happy Birthday, Andy Warhol! Best TV and gaming deal: Sony 4K Ultra HD TV and PS5 bundles on sale for up to 27% off The Morning News Roundup for July 31, 2014 What does endemic mean for COVID? Jessoterica Facebook buried a report on popular posts. So much for transparency. Deal alert: Samsung 65" The Frame Art TV is $549 off The Lean, Mean, Star The Comic Voice: An Interview with Christina Nichol Antonio Basoli’s Alfabeto Pittorico Instagram users in Europe will get chronological feed for Stories and Reels What We’re Loving: Atomic Weapons, Augustus, Ang Lee Weird Spotify Playlists is an unexpected meme that pushes the boundaries Read Everywhere with The Paris Review and LRB Repent at Leisure
2.2354s , 10133.4609375 kb
Copyright © 2025 Powered by 【My Sinful Valentine XXX】,Miracle Information Network