Malicious couriers can easily freeze the key cloud camera and roam the customer’s house unattended. Amazon is working on a solution to a bug in surveillance cameras that monitors couriers delivering packages to the homes of major customers. Amazon Key is a recently launched service that allows Amazon Express to place products in the homes of major customers. The service works with Amazon’s new Cloud Cam security camera, smart door locks, and key applications that can remotely unlock doors and display real-time video sources. However, as reported by Wired, Seattle-based security company Rhino Security Labs discovered an error in this process that would cause the cunning courier to freeze the camera. When a customer brings a stranger into an unguarded house, this feature destroys the key components that provide the customer with security.
The attack can be launched within Wi-Fi range, and the attack happens to be located at the location of the hacker’s messenger. The attacker uses a computer to send a large number of “deauthorization” packets to the target cloud camera to prevent them from using the access point when they try to authenticate again. This is a well-known wifi jammer technology and is not specific to Cloud Cam. Even if the Amazon camera is offline, it will continue to display the last photo taken when the camera is connected, so the homeowner does not know whether the view on its app is real-time. Rhino’s demo video showed the deliveryman delivering the package as expected, but after freezing the camera on the photo with the door closed, he re-entered the house. The camera will not record the second entry, and the Key app will not record the second entry.
An Amazon spokesperson told ZDNet sister site CNET that they are currently notifying customers when Cloud Cam is in a “long-term” offline state. An update released later this week will inform users when the camera is offline during the delivery process. If Wi-Fi is disabled and the camera is offline, the service will not unlock the door. The spokesperson said that all major courier companies have undergone comprehensive background checks, and Amazon will check them before they can be delivered. In addition, Amazon links each delivery to a specific driver and verifies that it is the correct driver at the correct address.