The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.
Amazon delivery staff could secretly unlock your door and enter your home using company’s new product, security researchers say
Experts say they could freeze your security camera so you wouldn't notice a thing
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Amazon’s new delivery service can allow people to enter your home without you knowing, security researchers have found.
Amazon Key lets delivery staff from the company unlock your front door and enter your home to drop off packages when you’re not around.
It relies on an indoor security camera and a smart lock. Unfortunately, these can be disabled, which means people can enter your home – and stick around – undetected.
Researchers at Rhino Security Labs have found a way to freeze the camera feed, so it shows footage of your closed front door even if someone has opened it to come inside.
“The camera is very much something Amazon is relying on in pitching the security of this as a safe solution,” Ben Caudill, the founder of Rhino Security Labs, told Wired.
“Disabling that camera on command is a pretty powerful capability when you’re talking about environments where you’re relying heavily on that being a critical safety mechanism.”
When an Amazon delivery person has been matched with the right package and the right address, the lock will let them in and the camera will record footage of the delivery.
As a safety precaution, the delivery person will not be able to make another trip until they’ve left the house and the door locks again.
However, the Rhino Security Labs researchers discovered that a delivery person who had gained access to an Amazon Key-protected house could prevent the door from locking them out by running a program on a nearby computer designed to knock the camera offline by flooding it with “deauthorization” commands.
They can then re-enter the house undetected. Once they’re inside and have closed the door behind them, they can move out of sight of the camera and unfreeze it.
The door will then lock properly and the feed will update to show real-time footage of your closed front door, as if nothing had happened.
Though Amazon says it will notify you if your camera goes offline "for an extended period" of time, it wouldn't take very long at all for a criminal to successfully execute the manoeuvre.
“Every delivery driver passes a comprehensive background check that is verified by Amazon before they can make in-home deliveries, every delivery is connected to a specific driver, and before we unlock the door for a delivery, Amazon verifies that the correct driver is at the right address, at the intended time,” Amazon told Wired.
“We currently notify customers if the camera is offline for an extended period. Later this week we will deploy an update to more quickly provide notifications if the camera goes offline during delivery.”
Read more on home security
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments