People were a little concerned when the new Amazon Key service was announced. The new Amazon Key service allows couriers inside the house of customers in order to deliver their packages without worrying about someone stealing the packages from the porch outside. Though, critics were worried that letting a stranger inside one’s house may even be worse.
Amazon said customers should not worry as the Amazon Key service works in tandem with the new smart lock (and the new Cloud Cam), so you could check in on your home at the time of delivery and see if anything is missing. Sound somehow okay, right?
But there had to be a catch. Rhino Security Labs researchers recently told Wired that it is easy for unscrupulous couriers or random people in the street to use a simple denial-of-service attack program to freeze the Cloud Cam’s feed from any computer within Wi-Fi range.
It means the courier of someone who followed him/her could wait until after he/she delivered the package to freeze the feed and, afterward, run into the house again before activating the lock. The worse thing is that the Cloud Cam would continue to show the last captured image, which makes it look as if nothing is happening onscreen.Watch the video below.
Amazon has released a statement that it would soon release an update that would provide faster notifications if the camera goes offline. Amazon also defended other aspects of the Key program.
Amazon spokeswoman said, “Safety and security are built into every part of the service.” “Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time. We currently notify customers if the camera is offline for an extended period. Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery. The service will not unlock the door if the Wi-Fi is disabled and the camera is not online.”
Amazon believes the recent findings pose little risk for customers, but it will take action soon. Amazon viewed that the problems lie with Wi-fi protocols, not its own software. Amazon also stressed that their couriers are not allowed to move to the next deliveries until they have completed the process fully (including locking the door), but that doesn’t technically solve the issue brought forward by Rhino’s findings.
Amazon says, it will know which courier was exactly responsible if a courier does do these things, presumably because of the delivery schedule involved in this Key service procedure. Amazon also said, in case something does go wrong, it would work with the client to fulfill Amazon’s Happiness Guarantee in case any products or property are damaged.
So we are waiting for the patch from Amazon.