Friday, November 17, 2017

Sure, Come On In: "Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera" (AMZN)

Lovely.
They say a fix is coming.
From Wired:
When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone—realistically, most people—who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery.

But now security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum.

And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.

"The camera is very much something Amazon is relying on in pitching the security of this as a safe solution," says Ben Caudill, the founder of the Seattle-based security firm Rhino Security Labs, whose researchers discovered and demonstrated the Amazon Key attack. "Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism."...MORE
In other Amazon news, From AFNS:
"Popular New Amazon Service Just Comes To Your House And Kills You"