Skip to main content
  1. Home
  2. Smart Home
  3. News

Researchers already found a way to fool Amazon Key and shut off your camera

Lulu Chang
By

amazon key hack news camera
Image used with permission by copyright holder
It sounded too good to be true from the start: A lock that allowed deliverymen and service providers in without a key, all while promising to be perfectly safe and monitorable. We’re talking, of course, about Amazon Key, a system that allows folks into your home once they have scanned a unique barcode. We called it “invasive and creepy” once it was announced and now that a report from Wired suggests the system can be hacked, our opinion seems further justified.

A team of security researchers from Seattle-based Rhino Security Labs demonstrated that Amazon Key and its companion Cloud Cam could be disabled and frozen, allowing just about anyone to waltz into your home. If the system is thus disarmed, even if you’re watching a “live” stream, you wouldn’t see anything out of the ordinary. This wasn’t just an unfounded claim — when Wired told Amazon about the new security research, the company noted that it would issue a software patch to fix the problem “later this week.”

Recommended Videos

So how exactly would an attack work? According to Rhino, a delivery person would first have to gain legitimate access, unlocking your door with the Amazon Key app. But instead of relocking the door with their app, they could simply run a program either on a computer or on a handheld device built with a Raspberry Pi and an antenna that would deauthorize the Cloud Cam. Rather than going dark, the Cloud Cam would simply continuously show the last frame recorded before it was deauthorized. That means that the attacker, or anyone else, would go undetected.

Related

To be fair, the likelihood of such an attack is rather slim. An attacker would have to be authorized to deliver a package at a certain address and time, regardless of whether or not the Cloud Cam were switched on or off. “Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time,” Amazon pointed out. So unless a delivery person had a longstanding plan to do something nefarious, the whole scenario is rather unlikely. All the same, Amazon noted in a statement, “We currently notify customers if the camera is offline for an extended period. Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery.”

Image used with permission by copyright holder

Perhaps more concerning, however, is the fact that when a Cloud Cam is disabled, the Amazon Key is also disconnected. After all, the lock doesn’t maintain its own internet connection, as it relies upon the “Zigbee wireless protocol to the Cloud Cam, which acts as its connection to the Wi-Fi router and the rest of the internet,” Wired reports. This means that a potential thief could just follow a delivery person, and send the deauthorization command as the delivery is completed. Then, once is the coast is clear, the criminal could simply walk through the unlocked door.

Of course, this would involve a delivery person not paying attention to whether or not the door locked behind him or her, and Amazon notes that it instructs drivers not to leave a house if the door is unlocked. Plus, Amazon is also supposed to call a customer if a door is left unlocked for more than a few minutes.

Editors' Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
How to make your Amazon Echo bark like a dog to scare off intruders
how to make your amazon echo bark like a dog alexa guard plus skill

Do you have a smart security cam and an Echo device? Then we have a cool security trick that you can enable to scare away potential intruders. It’s the ability to make your Echo bark loudly like a dog at just the right times to protect your home. If you’re interested, here’s exactly how to set it up!
Step 1: Sign up for Alexa Guard Plus

Alexa Guard comes in two different flavors, the free version and Alexa Guard Plus. The free Alexa Guard is quite limited: When you enable it, it can listen for smoke alarms or glass breaking and send you alerts or flash any connected smart lights as a deterrent. It’s useful in its own way, but not exactly a replacement for a security system.

Read more
How to use your smart display as a security camera
Amazon Echo Show 8 2021 pan and zoom camera.

The modern smart home supports a number of web-connected devices, including lighting, locks, and thermostats. Chief amongst the hardware, under a mighty umbrella all its own, is smart security. This is everything from cameras to motion sensors, video doorbells, and floodlights. Once this bevy of gear is connected your home network, you can view live footage on the go, receive motion-trigger alerts, and even communicate with couriers and other front-door dwellers using two-way audio chat.

While these systems are becoming increasingly more affordable, some top-tier hardware still costs a pretty penny. If you can't spare the dough for an all-hands-on-deck security suite but want the ability to monitor your home, a new smart display may be all you need. Smart displays are equipped with innate video chat functions including cams and mics -- so they’re already a natural fit for indoor security cams. Both Alexa and Google Home have options to turn their respective smart displays -- Echo Shows and Nest Hubs -- into security cams under the right conditions. Here’s how to enable these security modes and what you should know about using them!
How to use you Amazon Echo Show as a security camera

Read more
7 things you didn’t know your Amazon Alexa smart display could do
Amazon Echo Show 10 (3rd Gen) side.

Everyone knows the Echo Show can walk you through recipes, drop-in to chat with relatives, and let you control your smart home with just a few taps of a button. But did you know that it has a lot of lesser-known features, too?

While these aren't exactly hidden features, they aren't as well-known as many of the mainstream features the Echo Show is capable of. You might find that your Amazon Alexa smart display is can do much more than you thought.
Alexa can make restaurant reservations
You don't have to navigate complicated audio menus or wade through incomprehensible websites to secure a table for date night. Thanks to the OpenTable Skill with Alexa, you can make restaurant reservations straight from your Echo Show.

Read more