- Jul 22, 2014
- 2,525
A month after Amazon launched Amazon Key, security experts have already identified a flaw in the device's mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded.
The flaw is specific to Amazon Key, a product that is made up from the Amazon Cloud Cam smart security camera and compatible smart door locks.
Amazon launched Amazon Key at the end of October. The company said Amazon Key will work as a classic home surveillance system, but will also allow authorized deliverymen to open doors while the homeowner is away and drop off packages the user has ordered from Amazon.
Amazon Key susceptible to WiFi deauth attacks
The device raised some privacy concerns right from the start, but it only got worse today when Rhino Security published research showing how they could exploit a simple bug in Amazon Key's WiFi connection to hide re-entries into user's apartments.
The bug is not even that complex, being a simple deauth attack on the Amazon Key's WiFi system. Wi-Fi deauthentication attacks make a device disconnect from its WiFi network, and they've been known for years. There are also tens of toolkits for automating such attacks.
Rhino researchers say that a rogue deliveryman could enter a home protected by an Amazon Key service, deliver his package, and on his way out trigger a simple WiFi deauth attack that makes the Key's Cloud Cam go offline.
Design issues make attack invisible to homeowners
...
The flaw is specific to Amazon Key, a product that is made up from the Amazon Cloud Cam smart security camera and compatible smart door locks.
Amazon launched Amazon Key at the end of October. The company said Amazon Key will work as a classic home surveillance system, but will also allow authorized deliverymen to open doors while the homeowner is away and drop off packages the user has ordered from Amazon.
Amazon Key susceptible to WiFi deauth attacks
The device raised some privacy concerns right from the start, but it only got worse today when Rhino Security published research showing how they could exploit a simple bug in Amazon Key's WiFi connection to hide re-entries into user's apartments.
The bug is not even that complex, being a simple deauth attack on the Amazon Key's WiFi system. Wi-Fi deauthentication attacks make a device disconnect from its WiFi network, and they've been known for years. There are also tens of toolkits for automating such attacks.
Rhino researchers say that a rogue deliveryman could enter a home protected by an Amazon Key service, deliver his package, and on his way out trigger a simple WiFi deauth attack that makes the Key's Cloud Cam go offline.
Design issues make attack invisible to homeowners
...
