New video shows Amazon Key getting hacked and raises smart lock security fears

Another week, another claimed vulnerability

Amazon Key door lock hacked again

You’d never believe that Amazon Key, the service that enables Amazon delivery drivers to unlock your door and put your parcels inside, could actually be a security risk – but a new hack as shown that the system has a couple of flaws.

A video posted on Twitter shows a hacker unlocking the Amazon Key protected door, using a special device. The man, who is only known as 'MG', says that he wouldn’t reveal the details as to let the technique be "abused in the wild”.

Essential reading: The best smart locks

The video shows the attacker setting up what he calls a 'Dropbox' and concealing the device near the door. When a delivery takes place, this device – a Raspberry Pi – intercepts the app and lock communicating. When the attacker returns, he opens the door and removes the device, an the video seems to show that he now has complete control of the lock.

For the uninitiated, Amazon Key is a service launched by the company last year for Prime services. It’s a combination of a smart lock and security camera, which enables an Amazon delivery driver to open and relock your door after dropping off your package. You can watch on the camera, and the smart locks are supplied by Kwikset.

There have been multiple reports of hacks since the service went live, with some exploiting vulnerabilities around the camera and Wi-Fi network. Amazon has responded each time, and in this case it released a detailed statement to Forbes, which claimed that the hack was only possible theoretically – and not in real world situations.

"The security features built into the delivery application technology used for in-home delivery are not being used in the demonstration,” Kristen Kish, Amazon spokesperson, told Forbes.

Amazon claims the demonstration shows a vulnerability between the customer version of the app and the door, not the delivery driver's, which it claims has an added layer of security. Of course, that’s still a sizeable vulnerability, and Amazon says it’s working on a fix. Amazon also pointed out that there are many layers of added security, including the driver checking that the door is locked before they leave.

As smart locks become more prevalent, this kind of flaw has to be stamped out. Consumer trust can’t be built with these kinds of flaws seemingly being found on a weekly basis.

TAGGED   amazon

What do you think?

Reply to
Your comment