Maybe Letting Delivery Drivers Into Home Isn't Actually So Safe

Security firm says it's found flaw in new Amazon Key service
By Michael Harthorne,  Newser Staff
Posted Nov 17, 2017 6:11 PM CST
'Simple' Hack Could Turn Delivery Drivers Into Burglars
   (AP Photo/Reed Saxon, File)

A recent survey of US adults found 68% weren't comfortable giving delivery drivers access to their homes to leave packages inside, as happens with Amazon's new service, the Seattle Times reports. That number may soon go up even further. A security research firm tells CBS News a "really simple" hack could make the service decidedly less secure. With Amazon Key, launched last month, delivery drivers use an app to unlock the front door, drop a package off, and lock the door behind them all while being monitored via a wireless camera. But Rhino Security Labs says a de-authentication attack on the Wi-Fi router could take that camera offline. What's worse, Wired reports doing so wouldn't suspiciously send the camera to black but just freeze it on the last scene it recorded—such as a harmlessly closed door.

This security flaw could be used in two ways. The delivery driver could drop off the package and leave the house but not lock the door, disable the camera using a computer of any kind, then re-enter the home and lock the door. To a user monitoring through the Amazon Key app, this would make everything appear fine while the driver roams about their home. A hacker following a delivery driver could also disable the digital lock and camera just before the driver locks the home. Amazon says the flaw isn't with its Amazon Key software but rather one that is inherent in Wi-Fi routers. It says a de-authentication attack is "unlikely" but it will release a software update to "more quickly provide notification if the camera goes offline during delivery." (More Amazon stories.)

Get the news faster.
Tap to install our app.
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.